[HN Gopher] Tor Browser 12.0
___________________________________________________________________
Tor Browser 12.0
Author : soheilpro
Score : 190 points
Date : 2022-12-07 17:03 UTC (5 hours ago)
(HTM) web link (blog.torproject.org)
(TXT) w3m dump (blog.torproject.org)
| autoexec wrote:
| Regardless of the issues with TOR itself, or the areas where I
| disagree with Tor Browser's approach, I love the project anyway
| because they're great about identifying and tracking all the
| things Firefox does that could put our privacy at risk. Having
| more eyes on Firefox update after update is wonderful and I've
| been incorporating many of their setting changes for years. I
| hope they can keep doing what they do for a long time!
| goombacloud wrote:
| It's sad to see that Apple Silicon gets extra treatment and arm64
| work suddenly gets done while for Linux it's still amd64-only.
| With Signal it's the same and they also don't offer arm64 builds.
|
| Nowadays it's very easy to build for arm64 - you either go the
| way with cross compilation or you go the way with full qemu
| binary emulation which is as simple as it gets because you would
| build within an arm64 docker image, e.g.,
| docker.io/arm64v8/alpine or docker.io/arm64v8/ubuntu and qemu-
| static handles the emulation (it will be slower than cross
| compilation but as long as speed is acceptable you can go this
| easy way).
| data_maan wrote:
| All comments here focus on extreme cases: The police viewing you
| as a possible suspect, FBI becoming interested in you etc.
|
| Here is a much more mundane problem: Using Tor (even a VPN) while
| logging in to most big Silicon Valley firms that make money with
| your data (LinkedIn, Facebook, Tinder etc.) will result in your
| profile being suspended REAL FAST with the only way out to upload
| your gov't ID, i.e. complete deanonymization (perhaps as a kind
| of punishment).
|
| Any solutions?
| New_California wrote:
| I struggle with the very same problem. Even connecting a real
| physical SIM won't protect accounts from suspension. This is
| crazy because it isn't based on behavior on the platform (like
| posting too much or liking too much) but merely on the IP and
| browser fingerprint.
|
| Unfortunately, no solutions in sight.
| ipaddr wrote:
| Stop using those services. This is a clear message that you
| cannot use them privately.
| deadfromtor wrote:
| Just FYI that HN is very anti-tor. I made this account via Tor
| just now to prove the point. It will be dead by default (unless
| someone "vouches" for it). It's a very user-hostile stance that
| HN takes (along with not letting you delete your account). It
| really makes you wonder what they're doing with all this data?
| Doxxing is almost a given.
| matkoniecz wrote:
| > Just FYI that HN is very anti-tor. I made this account via
| Tor just now to prove the point. It will be dead by default
| (unless someone "vouches" for it).
|
| Also, Wikipedia blanket-bans Tor because it makes it trivial to
| avoid bans and blocks.
| dang wrote:
| The restrictions go away after a while, and in the meantime
| users can vouch for the comments that aren't trolling or spam.
| They did exactly that for your comment here, as well as for
| https://news.ycombinator.com/item?id=33898410.
|
| This seems to me a reasonable design that balances the
| competing concerns. I like that both of these comments turned
| into examples of the system working properly. It's true that
| they had to wait a little before getting unkilled*, but that's
| not "very anti-tor" nor "very user-hostile".
|
| (* 20 minutes and 10 minutes, respectively)
| LinuxBender wrote:
| I created my account here using a MitM Squid SSL Bump proxy in
| a VPS provider and posted from that proxy for a few years. Once
| in a blue moon I would get rate limited, I assume because this
| site was being abused. AFAIK my posts were never affected by
| using my VPS proxies. VPS IP's and Tor exit node IP's are often
| treated as equally hostile by many sites but not here. I avoid
| Tor because every time I tried it there was just too much
| latency for me and I don't like someone else controlling the
| exit node.
|
| I eventually stopped using the proxy here on HN not because of
| this site but Cloudflare and Google would grief me on so many
| sites that people submit here which made it hard for me to
| review them and submitting everything to archive.ph is time
| consuming. I keep the MitM proxy around in case I need to go to
| a very hostile website or if I want to leave a funny PTR DNS
| record in their logs.
| nonrandomstring wrote:
| > HN is very anti-tor
|
| If by "HN" you mean the site technology and administrative
| policy, this is quite untrue.
|
| I always connect by Tor (simply because I connect to everything
| by Tor) and never experience _any_ problems with;
| torsocks www https://news.ycombinator.com
|
| FWIW my account here was created over Tor, and only later when
| I decided the site was kosher and a relatively friendly place
| did I decide to add personal details. I don't post here with
| any illusion of anonymity, rather Tor is part of my daily
| dealings with the internet for a generally pro-active security
| stance. I trust that a tool created by the US Navy with
| "defending and spreading democracy" in mind is fit to defend my
| own needs.
|
| I hope that like Facebook, NY Times and the BBC, we may one day
| see a Hacker News hidden service onion address.
|
| That said there does seem to be a negative attitude toward Tor
| from certain Cloud companies that Flares up here from time to
| time. They seem unable to reconcile individual desires for
| personal privacy technologies with their business model of
| defending free speech from DDOS attacks. It's a complex problem
| but I do wish they'd try harder to get on-board with the
| programme in a world where threats to clients are at least as
| serious as those facing service providers.
| imchillyb wrote:
| "Just FYI that HN is very anti-tor..." @deadfromtor
|
| Citations please?
|
| Otherwise this is horseshit. Many of HN's users signed up and
| access HN from tor.
|
| I /often/ utilize the tor browser to access HN. I've not had a
| single issue /ever/ with that.
| alexb_ wrote:
| Or they realize that letting Tor users makes spam explode.
| ehPReth wrote:
| most sites seem to treat Tor poorly, possibly due to abuse.
| well-used VPNs also can suffer from Google captchas etc. not
| that I like that fact, but it seems to be inescapable
| amideadfromtor wrote:
| Different poster here. This account and post were done over
| Tor. Let's see if this holds.
|
| EDIT: Yup; dead on arrival.
| sterlind wrote:
| it's more likely they do this to combat spamming. accounts
| created by Tor are more likely to be used for spam than for
| legitimate discussion, since Tor evades IP reputation.
|
| I'm sure you could email @dang and ask to be un-shadow-banned,
| and he would do so.
| jbm wrote:
| Wouldn't emailing @dang be against the purpose of Tor, which
| is to enhance privacy?
| super256 wrote:
| > Wouldn't emailing @dang be against the purpose of Tor,
| which is to enhance privacy?
|
| Just use webmail in your tor browser. And don't send it
| from your main gmail, but create a throwaway.
| pbhjpbhj wrote:
| Neither Google search nor YouTube seem to work (other
| than very sporadically, presumably if they've not had
| chance to block an IP yet) over Tor, does GMail?
| Ajedi32 wrote:
| It's pretty hard to sign up for an email account over
| Tor. The closest I've seen is Protonmail, which will let
| you make an anonymous account in exchange for a Bitcoin
| payment.
| ipaddr wrote:
| disposable email services.
| nirvgorilla wrote:
| Yup. Suspicious just like when reddit became hostile to Tor.
|
| It's also a violation of the spirit of the internet. Tim
| Berners-Lee wrote about this in the December 2010 issue of
| Scientific American that any walled off website that blocks you
| from accessing it is unacceptable because it's not the web
| anymore.
| pbhjpbhj wrote:
| For me old.reddit.com seems to work just as well with or
| without Tor (eg via Brave). The website served at the raw
| domain barely functions IME, so perhaps that's where the
| issue lies?
| bombcar wrote:
| The problem is user account creation, usually.
|
| Read-only access works pretty well in most cases (unless it
| is behind Cloudflare, then you're @#$%@#^%).
| orthecreedence wrote:
| > Suspicious just like when reddit became hostile to Tor.
|
| And any website using Cloudflare.
| Ajedi32 wrote:
| Does that restriction go away after you get enough reputation?
| Or does every single comment need to be vouched for even after
| several have been posted and accumulated upvotes?
| dang wrote:
| The former.
| super256 wrote:
| How is HN anti-tor? Everyone can read your comment. Wdym by
| "vouching"?
|
| Also, HN deletes your account when you send them a mail as
| stated in the FAQ. It always sucks to delete accounts with user
| comments, as it destroys context in old threads.
|
| As spiders crawl the web humans should consider anything they
| post online as undeletable. If you send HN the beforementioned,
| there is a chance that I can still browse your posts via
| archive.org or google cache.
|
| If you're afraid of doxxing, maybe make a second thought before
| hitting "reply".
| input_sh wrote:
| > Everyone can read your comment. Wdym by "vouching"?
|
| There's "showdead" profile setting that allows you to see
| flagged comments, and enough "karma" allows you to vouch for
| hidden-by-default content.
|
| It's one of those hidden (somewhat) features:
| https://github.com/minimaxir/hacker-news-undocumented#flaggi...
| mothsonasloth wrote:
| sasattack wrote:
| Could we maybe not on this website use the term glowie
| considering it's explicitly sourced from a neo nazi and a
| phrase involving the n word. seems like maybe not real in line
| with HN rules....
| orthecreedence wrote:
| I thought glowie was a term used to describe undercover
| FBI/CIA agents. It's in frequent use in leftist
| (communist/anarchist, not liberal democrat) forums.
|
| Is there actual substance behind this claim of its origins or
| is it yet another tired attempt to rewrite language for no
| particular reason?
| mothsonasloth wrote:
| It originated from Terry Davis the creator of TempleOS, but
| okay I get your point.
| sasattack wrote:
| True I misremembered the details. but it has been so
| amplified by neo nazis that Wiktionary sources them as
| popularizing it.
| data_maan wrote:
| I once spoke with someone who knew someone who ran an exit node
| in Europe. He told crazy stories with police knocking every once
| in a while.
|
| Also the legal structure to do that was tricky, because you want
| to avoid the police searching your house; you'd also like to
| spread responsibility on multiple shoulders. So you have to
| create a kind of non-profit organization and run the exit node
| through that.
|
| It's very hard work and we should be thankful for the people who
| do it.
|
| Does anybody know more about how exit nodes are being run?
| [deleted]
| robert_foss wrote:
| I ran one in my student housing wardrobe a decade or so ago.
|
| I too have some stories, but no one ever met up with me in the
| flesh.
| jason-phillips wrote:
| Come on then, no need to be coy.
| robert_foss wrote:
| For example, once or twice people called me (somehow) and
| asked why I was hacking their websites. I tried to explain,
| but I doubt I convinced anyone.
| hdheiehdfhfuf wrote:
| Do Not Run An Exit Node!
|
| very few people have legitimate uses for an exit node. And it
| is a security nightmare for everyone (you owning their crimes,
| them being at your MiTM attacks mercy, etc)
|
| But Do Run A Tor Node!
|
| everyone should join tor and it should become the main net,
| with only tor traffic.
| charcircuit wrote:
| An ISP doesn't own the crimes that an attacker sends through
| them.
| implements wrote:
| Well, I'm going to burn some karma by agreeing with you.
|
| Running an exit node is a bit like operating a no questions
| asked gun shop in downtown (some deprived city).
|
| Sure, there's perfectly legitimate reasons to own and
| therefore sell a gun to someone, but that particular shop
| will be in the business of facilitating crime - and that's a
| bad thing and therefore not a moral occupation.
| hnarn wrote:
| > But Do Run A Tor Node!
|
| Just a word of caution, while running a non-exit node is
| obviously safer from a legal point of view, the entire list
| of active tor nodes isn't secret, and there are enough people
| in the world that do not understand how tor works that the
| chance is non-zero that you'll still end up on a block list
| somewhere for simply being a "tor node", even though you
| never let any of the tor traffic out on the Internet.
|
| I know for a fact this can happen because it happened to me.
| bauruine wrote:
| I've been running exits for about 9 months. Had been running non-
| exits for over a decade before. The exits are run by a non-
| profit (a Swiss Verein) and use the recommended setup like
| described in the blog post. The ISP knows it's an exit, it has
| a page on port 80 describing it and a PTR record that contains
| tor-exit.
|
| No contact with the police till now.
|
| If you would like to support the Tor network but don't want to
| run nodes yourself you can donate to one of the relay
| associations
| https://community.torproject.org/relay/community-resources/r...
| dewey wrote:
| > Does anybody know more about how exit nodes are being run?
|
| They have a good list of points on the Tor site. The most
| important ones are usually to distance yourself from the exit
| node and make it obvious what it does so you don't get
| entangled into whatever is going through the node.
|
| https://blog.torproject.org/tips-running-exit-node/
| optimalsolver wrote:
| The inescapable fact about Tor is that its traffic patterns make
| you stand out prominently.
|
| Just the fact you're using it automatically makes you interesting
| and worthy of a closer look.
|
| All well and good if you're just maintaining a cookie recipe site
| on the dark web, but it's rarely ever that, is it?
| sterlind wrote:
| a closer look maybe, but unless they break Tor they'll only
| have a close look at your timing traffic.
|
| if you're worried, you could use a popular VPN to connect to
| Tor - using a VPN is less interesting. also, P2P app developers
| could consider running non-exit nodes in their clients for
| popular apps. there shouldn't be legal risks unless you're
| running an exit node, and this adds more noise to the signal of
| Tor users.
| godelski wrote:
| Why are exit nodes more legally perilous than non-exit nodes?
| sterlind wrote:
| they shouldn't be, but there's a practical difference in
| how often your house gets raided by FBI agents.
|
| if a Tor user uses your exit node to email a bomb threat or
| access child porn, it's your source IP that shows up. the
| FBI should check your IP against the registry of exit node
| IPs, but if they don't it's still your door getting kicked
| in.
| bombcar wrote:
| Exactly - and I've noticed there aren't very many exit
| nodes at all, small enough that I can start to recognize
| them by name.
| HackerNCoder wrote:
| Yea, there is only about 1000 (actually 1300, I just
| checked) exits - out of only ~6000 nodes total, the Tor
| network is actually kinda small.
| bluesttuesday wrote:
| Using a VPN to connect to Tor can decrease anonymity. The Tor
| wiki has a whole page about the topic
| https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlu...
| sterlind wrote:
| the scenario I'm describing is "You -> VPN/SSH -> Tor" and
| your link says it's a fine idea.
| veeti wrote:
| I once tried running a non-exit node and quickly found that a
| lot of sites would blacklist my IP regardless. Can't
| recommend.
| shaky-carrousel wrote:
| It is, in my case. All my system updates run over Tor. I do it
| to generate noise.
| jerheinze wrote:
| This is one of the main reasons why I keep using Tor daily.
| The more people use Tor for normal browsing, the less
| interesting it becomes to be a Tor user, the better the
| anonymity for everyone else.
| INeedMoreRam wrote:
| I also use Tor sometimes for the sole purpose of muddying
| up the waters for investigators.
| Scoundreller wrote:
| I use it to get around many paywalls.
| CommitSyn wrote:
| Similarly, I use it to train my internal neural net to
| better answer Cloudflare CAPTCHAs.
| shaky-carrousel wrote:
| Quoting Phil Zimmermann:
|
| What if everyone believed that law-abiding citizens should
| use postcards for their mail? If a nonconformist tried to
| assert his privacy by using an envelope for his mail, it
| would draw suspicion. Perhaps the authorities would open
| his mail to see what he's hiding. Fortunately, we don't
| live in that kind of world, because everyone protects most
| of their mail with envelopes. So no one draws suspicion by
| asserting their privacy with an envelope. There's safety in
| numbers. Analogously, it would be nice if everyone
| routinely used encryption for all their email, innocent or
| not, so that no one drew suspicion by asserting their email
| privacy with encryption. Think of it as a form of
| solidarity.
| jerheinze wrote:
| You can use pluggable transports to camouflage your traffic
| (they're already built into the Tor Browser, e.g. snowflake,
| obfs4 ...).
| [deleted]
| pr337h4m wrote:
| The Brave browser has around 60 million MAUs and has Tor
| bundled with it, so Tor traffic is unlikely to stand out as
| much as before.
| bravetraveler wrote:
| Similarly, as do the Trezor wallets.
|
| Quite a few people involved in crypto send a bit of TOR noise
| across the wires using that client to do transactions
|
| This is a good point, though. We need more and more things to
| use it (legitimately) so that the traffic alone isn't _as_
| suspect.
|
| It'll always be a little suspect, I suppose, being only
| visible to exit nodes or whatever
| thekyle wrote:
| I believe the Tor feature of Brave is an optional setting, so
| I assume only a small fraction of their MAU use it.
| Gigachad wrote:
| It's not a setting, it's like their version of an incognito
| tab. You can right click a link to "open in tor"
| yreg wrote:
| They also have private windows without Tor and the users
| probably found out that Tor takes quite longer and works
| only half the time compared to the ordinary private
| window, so I wouldn't get my hopes up that it is adopted
| massively.
|
| (Still, it's great they have done that.)
| Mistletoe wrote:
| Wow this is really cool. I need to look into Brave again.
| dhaavi wrote:
| Afaik, it does not use Tor from within the browser, but
| uses a proxy server into Tor. That could have changed
| though.
| CommitSyn wrote:
| It would certainly make sense from a marketing
| perspective to claim it's using tor, and then have a tor-
| proxy service (think onion.cab) use tor for hidden
| services and also _attempt_ to use tor for clearnet
| traffic but fail back to regular proxy if it fails.
|
| If it were directly using tor then I'd have to agree that
| most people wouldn't use it. Only those that are
| technical enough to understand what's going on and the
| security aspects. But they wouldn't be using Brave for
| the Tor functionality, they'd be using Tor Browser.
| anotheraccount9 wrote:
| Sounds like I should use my session for multiple unrelated
| activities while using Tor, to cover only for one of them
| (before changing my fingerprint)
| bitL wrote:
| Even if you run it over a VPN connection?
| tylersmith wrote:
| Yes, you just stand out to the VPN provider instead of your
| ISP. The VPN traffic itself makes you stand out to your ISP
| but in a different way.
| yucky wrote:
| There is also the inescapable fact that Tor was created by US
| Intelligence, specifically the US Naval Research Lab[0]. And
| according to FOIA documents it continues to receive a huge
| chunk of funding & resources from US Intelligence, particularly
| from the United States Agency for Global Media (formerly the
| Broadcasting Board of Governors), which supervises our
| propaganda channels Voice of America and Radio Free
| Europe/Radio Liberty[1].
|
| As far as I can tell, the US Intelligence community has never
| explained its aims/goals for Tor. The fact that Tor not only
| attracts the type of traffic that US Intelligence would have a
| lot of interest in monitoring, but also by design then funnels
| that traffic through a small number of exit nodes, makes it
| seem self-explanatory. But I wouldn't want to presume anything.
|
| [0] https://en.wikipedia.org/wiki/Tor_(network)
|
| [1] https://www.documentcloud.org/app?q=%2Bproject%3Athe-tor-fil...
| neilv wrote:
| I use Tor Browser as my daily driver (for everything that
| doesn't need me to be logged into an account), for an on-
| principle protest against the out-of-control _commercial_
| surveillance that almost every Web site willingly
| participates in.
|
| The federal government isn't in my threat model, and "you
| can't fight city hall".
| HackerNCoder wrote:
| You don't need (outdated) FOIA documents for that... Go to
| https://www.torproject.org/about/sponsors/ and you will see
| that they get money from the US government, if you want to
| know more about how much, go check the IRS 990 forms [1] or
| check the blog post that explains the 990, it also gives
| clear percentages on how much comes from where, [2]
|
| [1] https://www.torproject.org/about/reports/
| [2] https://blog.torproject.org/transparency-openness-and-our-20...
| yucky wrote:
| This part appears to be missing from the Tor website:
|
| > _2,500 pages of correspondence -- including strategy and
| contracts and budgets and status updates -- between the Tor
| Project and its main funder, a Central Intelligence Agency
| spinoff now known as the Broadcasting Board of Governors
| (BBG). These files show incredible cooperation between Tor
| and the regime change wing of the US government._
|
| So the documents acquired via FOIA requests are worth
| reading, and it's worth discussing why the US Intelligence
| community has such an active interest in propping up Tor.
| bombcar wrote:
| It's pretty obvious that TOR is a helpful tool if you're
| doing spyshit in foreign countries.
| [deleted]
| dinosaurdynasty wrote:
| AFAIK there are US intelligence agencies that rely on and use
| Tor for their agents abroad and US intelligence agencies that
| try to break it for their own reasons.
| treebeard901 wrote:
| While this is true, it shouldn't make anyone more worthy of a
| closer look. It's the same argument used to justify mass
| surveillance. Trying to defend a Constitutional right to
| privacy, if one exists in your country, does not mean you are
| automatically trying to hide doing something wrong.
| kube-system wrote:
| I didn't take the parent comment to be referring to
| governments. Most of the internet is made up of private
| organizations, many of which are interested in the traffic
| they carry.
| sasattack wrote:
| Also you are providing cover to agents of US intelligence who
| use it
| sterlind wrote:
| iirc IC still mostly uses burner shell companies for IPs, at
| least for running ops. Tor is fine for innocuous browsing but
| Tor exit nodes will stick out like a sore thumb in the
| victim's logs or IDS.
| pbhjpbhj wrote:
| I'm not someone who looks at a lot of server logs, but what
| characterises entries as being from Tor?
| bombcar wrote:
| Being on the list of TOR exit nodes:
| https://www.dan.me.uk/tornodes
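
An added example (not code from any commenter or from the Tor Project) of the log-matching idea in the exchange above, which also covers the point made earlier in the thread that non-exit relays get blocklisted even though they pass no Tor traffic out to the internet. The relay snapshot format, the IPs (documentation ranges) and the log lines are constructed for illustration; a real relay list has its own format and changes constantly, so `parse_relays()` is an assumption to adapt.

```python
import ipaddress
from collections import Counter

# Constructed relay snapshot (not real relays): "<ip> <role>" per line.
# Assumed format for this example only.
RELAYS = """\
# ip role
192.0.2.10 exit
192.0.2.11 exit
198.51.100.7 relay
2001:db8::1 exit
"""

# Constructed access-log lines in Combined Log Format.
LOG = """\
192.0.2.10 - - [07/Dec/2022:17:05:01 +0000] "POST /signup HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Dec/2022:17:05:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Dec/2022:17:05:03 +0000] "GET /news HTTP/1.1" 200 2048 "-" "curl/7.86"
2001:0db8:0000:0000:0000:0000:0000:0001 - - [07/Dec/2022:17:05:04 +0000] "GET /login HTTP/1.1" 200 300 "-" "Mozilla/5.0"
not-an-ip - - [07/Dec/2022:17:05:05 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
"""


def parse_relays(text):
    """Map each relay address to its role ('exit' or 'relay')."""
    roles = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip, role = line.split()
        # ip_address() normalises the value, so IPv6 spellings compare equal.
        roles[ipaddress.ip_address(ip)] = role
    return roles


def classify(log_text, roles):
    """Label the source address of every log line.

    tor-exit     : request may come from any Tor user (listed exit)
    tor-non-exit : address runs a relay, but relays do not emit user
                   traffic, so this is the operator's own request
    other        : not on the snapshot
    unparsed     : first field is not an IP address
    """
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src = line.split(" ", 1)[0]
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            results.append((src, "unparsed"))
            continue
        role = roles.get(addr)
        if role == "exit":
            label = "tor-exit"
        elif role == "relay":
            label = "tor-non-exit"
        else:
            label = "other"
        results.append((str(addr), label))
    return results


def summarize(results):
    """Count log lines per label."""
    return dict(Counter(label for _, label in results))


if __name__ == "__main__":
    labelled = classify(LOG, parse_relays(RELAYS))
    for addr, label in labelled:
        print(f"{label:13} {addr}")
    print(summarize(labelled))
```

Keeping `tor-exit` and `tor-non-exit` as separate labels lets a site apply its signup or rate-limit policy to exit traffic without penalising people who only run a middle relay at home.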
| chefandy wrote:
| A colleague at a former academic job was questioned by campus
| police because he was one of a handful of people on the
| university network connected to TOR when a bomb threat was
| submitted (I forget how, though) from an IP address running a
| TOR exit node. Bomb threats from students were pretty common
| during exams, so after the cops saw that it was our very
| privacy conscious dev ops guy they didn't pursue him as a
| suspect. If the person who did it connected to TOR from the
| university network to submit a bomb threat to duck an exam,
| they definitely deserve to get caught. I think that qualifies
| as "just enough knowledge to be dangerous."
| scrlk wrote:
| Was it this incident?
|
| https://www.theverge.com/2013/12/18/5224130/fbi-agents-track...
| andirk wrote:
| Sometimes it goes the other way too. In my high school, a
| handful of kids wore all black every day. They were harmless
| valley girls/guys if you spoke with them. I figured they
| _wanted_ to be seen as a threat.
|
| Why would someone make a legit bomb threat? Isn't the point
| of the bomb for it to explode?
| acapybara wrote:
| Maybe this could be a good thing for business development?
|
| Could we convert our "observers" into early customers?
| insanitybit wrote:
| > The inescapable fact about Tor is that its traffic patterns
| make you stand out prominently.
|
| I'm curious as to how it stands out. I can imagine a few
| things, like an ISP seeing traffic to known TOR intermediary
| nodes, or maybe analyzing packets to look for some sort of
| handshake?
|
| > Just the fact you're using it automatically makes you
| interesting and worthy of a closer look.
|
| Sort of. But what would looking do? What does looking mean? The
| traffic is encrypted, they can look all they like. In the US
| they'll need more than "they connected to TOR" to get a warrant
| to search your device.
| goodpoint wrote:
| > All well and good if you're just maintaining a cookie recipe
| site on the dark web, but it's rarely ever that, is it?
|
| No, it isn't rare. Plenty of people use Tor for casual browsing
| without triggering invasive ads and similar. It just works.
| londons_explore wrote:
| Tor can be made substantially less obvious if you make sure the
| bitrate and packet timings over each 'hop' of users connections
| are fixed.
|
| Eg. each client sends out 1000 1 kbyte packets per second to
| each peer, once per millisecond. Inside each packet, they send
| the onion encrypted user data. The rest of the packet is filled
| with rand().
|
| Without that protection, any network attacker can do packet
| size and timing analysis to unmask nearly any user rather
| quickly.
| data_maan wrote:
| I took class in IT privacy back in the day. Exactly this idea
| came up. And while it really disables certain kinds of timing
| based attacks, the problem is it doesn't scale. If everyone
| did this, it seems the network would be flooded.
| yjftsjthsd-h wrote:
| Is that individually tunable, or are you suggesting something
| that the project would have to change in their code?
| resuresu wrote:
| Submit a pull request then.
| orthecreedence wrote:
| I use it when looking up drugs and medical conditions. If the
| NSA wants to spend their budget connecting me to searches about
| sumatriptan or plantar fasciitis then that's a useful (useful to
| me, fuck the NSA) waste of their time. If not, then it creates
| noise for the rest of the network.
| time_to_smile wrote:
| > but it's rarely ever that, is it?
|
| Maybe I'm unique, but my dark net activity is usually pretty
| tame. The number one reason I use Tor is because browsing onion
| sites reminds me a bit more of how the web used to be in the late
| 1990s. Lots of garbage of course, but a lot more serendipitous
| discovery than the web today.
|
| Because of its anonymous nature Onion sites are inherently
| resistant to being swallowed whole by advertising. Nobody on
| the dark web is creating "content marketing", if someone is
| trying to sell you something it's obvious. You're not the
| product on the dark web.
|
| I know it's wishful thinking, but I often hope for a parallel
| web to really thrive on Tor.
| mypastself wrote:
| If I may ask (provided you're comfortable with disclosing)
| what kind of content do you find there that's genuinely
| interesting?
| shaky-carrousel wrote:
| Personal blogs in my case. I find a similar landscape on
| Gemini. I really dislike the noise produced by ad-sponsored
| websites.
| mhitza wrote:
| While not Tor, I browse I2P websites from time to time.
| tracker2.postman.i2p is a great torrent tracker if I want
| to easily get access to leaked material I read in the news
| about. And planet.i2p to see newly "registered" websites.
| Content on those websites varies, but I've stumbled upon a
| couple of blogs, ranging from the mundane, to conspiracy
| theory blogs, which are also fun to read. It really does
| give you that 90s internet feeling.
| bombcar wrote:
| A surprising number of "clarinet" (er clearnet spellcheck)
| sites have onion sites, if you use Brave and TOR it
| sometimes shows up a little onion in the right telling you
| there's an onion version available.
| Scoundreller wrote:
| The regular tor browser does this too.
|
| Nytimes.Com is an example.
| agilob wrote:
| So I guess Mozilla isn't working on unforking tor browser?
| chungy wrote:
| It's pretty much already happened. Tor Browser is little more
| than stock Firefox with some of the settings changed.
| HackerNCoder wrote:
| Gigachad wrote:
| They are probably not satisfied that Tor doesn't have a
| deplatforming mechanism.
| goatcode wrote:
| I'm glad this knowledge and discussion is still alive and
| well. F them for this.
| orthecreedence wrote:
| Can you elaborate on this? I think I'm missing some context.
| Gigachad wrote:
| Based on their blog post where they want more deplatforming
| capabilities
| https://blog.mozilla.org/en/mozilla/we-need-more-than-deplat...
|
| There was also a comment from one of the Tor foundation
| members about how they wish they were able to deplatform
| kiwi farms from tor but it's technically not possible.
| encryptluks2 wrote:
| I'm surprised that they haven't bundled Arti, their Rust-based
| tor client implementation. I will say I am thankful for Tor
| Browser, but any JavaScript-enabled browser seems like the wrong
| choice for privacy and security.
| dinosaurdynasty wrote:
| Arti doesn't even support hidden services yet.
| capableweb wrote:
| 1) Arti is basically a prototype at this point, including it
| already would be reckless, 2) Arti is a client for the Tor
| protocol, and including it in the browser wouldn't have any
| impact if JavaScript ships enabled/disabled by default in Tor
| Browser, 3) if you really want to, you can easily change the
| "Security Level" in Tor Browser to disable JavaScript for all
| websites by default.
|
| As an alternative for the last point, turn the Security Level
| to "Safest" or however it's worded, then use the included
| NoScript addon to enable it for just sites that just won't work
| without JavaScript. You get functional web + JS disabled in
| most places where you can.
| nibbleshifter wrote:
| Arti isn't ready for production use yet. It's a long ways away
| from being usable in TBB or as a full drop in for tor itself.
|
| I think in a year's time that will change.
| Aisen8010 wrote:
| I installed the Tor Browser to access the Z Library a few days
| ago. I guess I shouldn't complain, but the downloads are very
| slow (I'm not sure if the problem is on my end).
| Synaesthesia wrote:
| In general connecting over Tor or I2p is slow.
| UncleSlacky wrote:
| Check Library Genesis (on the open web) before resorting to
| z-lib, as that's where z_lib got most of their content in the
| first place.
| edgyquant wrote:
| Tor works by proxying through (at least) 3 PCs before hitting
| the open web. The problem is that you're trying to download
| big files which is not a use case for tor.
|
| It's specifically for browsing the web anonymously.
| at-fates-hands wrote:
| When I first started using Tor in the mid aughts, I was
| using it to download movies and music. I remember talking
| with a security friend and he was like, "Bruh, what are you
| doing? That's not what Tor is for." and then launched into
| a 20 min rant about why I was misusing Tor and affecting
| other people using the service by what I was doing.
|
| It was a good lesson and helped me realize what Tor should
| really be used for.
| bombcar wrote:
| It's likely that downloading music and movies is actually
| _helpful_ for those using TOR to "avoid death" - because
| it provides more cover and traffic.
| ehPReth wrote:
| Was it always 7? I seem to remember it being like 3-4?
| super256 wrote:
| https://i.imgur.com/h1vlxNh.png
| bauruine wrote:
| For a circuit to clearnet it's 3. Guard --> Middle -->
| Exit. For an onion service it's 6 and the connection is a
| bit more complicated [0]. The speed varies from very fast
| to unbearable depending on your circuit and how bad the
| ddos is at that moment. [1] You can try to create a new
| and hopefully faster circuit by clicking on the onion
| symbol on the left in the address bar.
|
| [0] https://github.com/mikeperry-tor/vanguards/blob/master/READM...
|
| [1] https://status.torproject.org/issues/2022-06-09-network-ddos...
| edgyquant wrote:
| My mistake, updated my comment
| bauruine wrote:
| In your defense I also wasn't sure for a minute and had
| to look it up. Could also have been three hops to the
| intro point from the onion service.
| makerofspoons wrote:
| Connecting to hidden services it's 6 hops, reaching out
| to the internet it's 3 hops.
| ravenstine wrote:
| I've basically come to the same conclusion having attempted to
| use a lot of Tor Browser's default config in Firefox. Most of
| it is a good idea, but trying to be untrackable while
| JavaScript is turned on seems futile. Every single browser's
| APIs are leaky as hell. No matter how many things are turned
| off or obfuscated, there's always a few unique-ish details that
| are exposed that create a fingerprint.
|
| There was one point where my anti-fingerprinting tactics _did_
| appear to fool Panopticlick, but that apparently didn't last
| long. Fingerprinting and anti-fingerprinting are a cat and
| mouse game, and much worse so than just ad-blocking because
| there's more at stake than just being annoyed by banners.
| There's also _way_ too many websites doing everything, and I
| mean _everything_ with JS. Fricking blog sites half the time
| display nothing more than a motionless loading spinner if you
| don't have JS turned on. And if you turn JS on well good luck
| because lots of things want to use <canvas> to render things
| that don't even strictly need it, and you're really not going
| to casually enable canvas for certain things? Even the list of
| fonts is a decent metric for fingerprinting, yet that's rarely
| taken seriously because even privacy experts seem to believe
| that every website needs to display its own fonts for "brand
| identity."
|
| Though I would stay away from Tor anyway, if I were to use it,
| JS would have to be turned off entirely.
| rodric wrote:
| My default browser is Librewolf with JavaScript turned off.
| If a page fails to load correctly, I reopen it in Firefox
| private browsing mode (or, if it _still_ fails, Chrome
| incognito mode). If it's a site I expect to come back to in
| future, I bookmark it in Firefox and assign it its own
| container using the Multi-Account Containers extension.
| bawolff wrote:
| Security is always a compromise between competing concerns. A
| browser that cannot browse a significant chunk of the internet
| doesn't get used and helps nobody.
___________________________________________________________________
(page generated 2022-12-07 23:00 UTC)