• I don't think the Tor network is inherently insecure

    From Arelor@VERT/PALANTIR to Ogg on Mon Sep 16 18:41:02 2024
    Re: I don't think the Tor network is inherently insecure
    By: Ogg to MRO on Thu Sep 12 2024 07:39 pm

    The Exit nodes can potentially monitor your internet activity,
    keep track of the web pages you visit, searches you perform,
    and messages you send. No doubt some government institutions
    are operating exit nodes.

    Well, I have doubts about that, considering most http traffic these days goes encapsulated in TLS.

    An Exit node can't keep track of the sites you visit because different sites are accessed over different circuits. An exit node who gets a gazillion users through it cannot realistically determinate which site visits belong to a particular user either.

    Searches cannot be tracked because the serch query is encrypted. Same with messages and the like.


    But isn't there more confidence in privacy and encryted
    sessions when using .onion destinations?

    With onion destinations you generate to DNS query so I guess that is a win.

    Still I prefer i2p.


    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From MRO@VERT/BBSESINF to Arelor on Tue Sep 17 06:59:25 2024
    Re: I don't think the Tor network is inherently insecure
    By: Arelor to Ogg on Mon Sep 16 2024 06:41 pm

    and messages you send. No doubt some government institutions
    are operating exit nodes.

    Well, I have doubts about that, considering most http traffic these days goes encapsulated in TLS.

    An Exit node can't keep track of the sites you visit because different sites are accessed over different circuits. An exit node who gets a gazillion users through it cannot realistically determinate which site visits belong to a particular user either.

    Searches cannot be tracked because the serch query is encrypted. Same with messages and the like.



    the probably is, you trust encryption. don't you think all the big govts have cracked that encryption or have a way around it? they are probably 10 years or more ahead of what we think they are.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Arelor@VERT/PALANTIR to MRO on Wed Sep 18 15:41:27 2024
    Re: I don't think the Tor network is inherently insecure
    By: MRO to Arelor on Tue Sep 17 2024 06:59 am

    the probably is, you trust encryption. don't you think all the big govts have cracked that encryption or have a way around it? they are probably 10 years or more ahead of what we think they are.

    I don't think they can crack something like modern TLS in real time. I am sure they have a bunch of pre-cracked primitives stored somewhere so they are likely to actually crack sessions... whether they can crack them soon enough for that to be useful is speculation.

    Personaly I think it is not likely they can perform real time cracking, because when they have needed such a thing they have opted to bribe operators of the trust chain instead (in order to get fake certificates to attempt MITM).


    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From MRO@VERT/BBSESINF to Arelor on Thu Sep 19 15:22:02 2024
    Re: I don't think the Tor network is inherently insecure
    By: Arelor to MRO on Wed Sep 18 2024 03:41 pm

    the probably is, you trust encryption. don't you think all the big govts have cracked that encryption or have a way around it? they are probably 10 years or more ahead of what we think they are.

    I don't think they can crack something like modern TLS in real time. I am sure they have a bunch of pre-cracked primitives stored somewhere so they

    you have no idea what they can do. nobody does.


    Personaly I think it is not likely they can perform real time cracking, because when they have needed such a thing they have opted to bribe operators of the trust chain instead (in order to get fake certificates to attempt MITM).


    why not have both?
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::