Teacher
"Is it safe enough to rely on?" Shalom! This is one of the most frequently asked questions about Tor, and here people are divided into two camps:
First: Tor supporters who defend this technology as freeing people from the gaze of Big Brother.
Second: Tor opponents who claim that it is a decoy funded by the US Navy, stuffed with NSA exploits, which sniffs your traffic and hacks your documents. Well, the real state of affairs is somewhere in the middle.
Claim: Tor is funded by the US Navy.
Although this is true, the statement is oversimplified and has little effect on anything. In reality, the US Navy funds Tor because it is useful for its operations (its foreign operatives need a secure communication method that is not allocated, and Tor provides it), and it is also useful for many other government services, such as law enforcement.
However, the main issue here is the impact: what if Navy funding forced the Tor developers to add a Navy-only backdoor? The problem is that Tor is an open source project, and introducing a backdoor into such code, which is scrutinized by skeptics, would be a pretty bad idea. If the Navy wanted to run a honeypot for surveillance, it would be much easier to create a company that provides VPN services at very competitive prices. After all, there is no way to check whether a VPN keeps logs or not.
Claim: Tor exit nodes monitor your traffic.
It's a bit more complicated here, because there's no way to check it. In addition, we must distinguish between privacy and anonymity: exit nodes that monitor Internet traffic do not necessarily compromise your anonymity if you do not send personally identifiable information. In other words, if they just see a Reddit page load, they have no way of knowing who is loading it unless it is accompanied by some piece of identifying information.
Some such nodes have been caught listening to traffic, but the vast majority have not, and many of those are managed by privacy organizations such as Mozilla. In addition, using SSL/TLS makes it much more difficult to listen to people's traffic, and trying to break SSL/TLS radically increases the probability of a malicious exit node being detected. Finally, traffic to and from hidden services (.onion) never passes through an exit node, so the argument simply doesn't apply there.
In short, if you use SSL/TLS wherever you can and don't send identifying information without it, the chance of the exit node stealing your data is very low.
Claim: Tor is susceptible to correlation attacks.
It really is. If one entity controls both the entry (guard) relay and the exit relay, it can use statistics to potentially identify you.
Please note that they cannot decrypt messages. Your traffic is still private, but they will know your IP address and the IP address of whoever you are talking to.
This is a very difficult problem to solve, but given the number of Tor relays, it is unlikely that your traffic will pass through the necessary guard and exit relays. Moreover, all of these attacks have false-positive rates, which means that out of a hundred thousand users, they can narrow down the search to you and 5,999 others (6%). In any case, this is not very useful, and therefore such attacks are usually aimed at hacking the Tor Browser itself.
Claim: Tor Browser was and will continue to be vulnerable.
Yes. Fortunately, attacks on the Tor Browser itself can be largely prevented by simply turning the browser's security slider to a high level. The main reason for this is that most attacks rely on JavaScript to bypass the Tor Browser's defenses, so disabling it completely using the security slider is a simple and effective solution to this problem. Of course, this will break most websites, but it's a reasonable price for security.
Claim: You can still be tracked while using Tor.
Absolutely true, but it's incredibly easy to fix. Most tracking mechanisms rely on something called browser fingerprinting. Fortunately, you can simply set the Tor Browser security slider to a high level to virtually eliminate this problem (maximum security disables JavaScript, the standard building block that browser fingerprinting requires).
Is Tor secure enough?
Given these points, evaluating whether it is safe enough to use requires some context. In particular, the decision should take into account what you are using Tor for, what the risks are, how valuable your information is, and so on. This process is known as threat modeling, and although several books can be written on this topic, let's briefly review the following simplified examples to understand what I mean when I say that context matters:
Low risk: viewing NSFW sites.
For example, someone who browses potentially dangerous websites using Tor is probably not a valuable target. The cost of identifying / deanonymizing them is too high, given the potential reward for doing so. Law enforcement and intelligence agencies prefer to keep their tools secret; if they have a working attack on Tor Browser, they will only use it if it is justified, because carrying out an attack risks exposing it to the public. So if you're using Tor to browse online privately and anonymously, there's no reason to worry. Just turn up the security slider to stop major web trackers, and you'll be able to sleep well at night.
High risk: attacks by Special Services.
If you are valuable prey that a strong operative could identify, all the "unlikely" cases I have described can become significantly more likely, not to mention that they are accompanied by a significantly higher personal risk.
I will refrain from giving you any advice on how to do this (please consult people who are smarter than me), but simply turning the security slider to maximum will not be enough to ensure your safety. This is where you should start looking at comprehensive strategies that use Tor as an additional protection, rather than the only one. In other words, consider Tor to be the main piece of the anonymity / privacy puzzle, but not the only one you rely on. Your strategy should also work with or without Tor.