Tor: Good or Bad? Safe or Dangerous?

Rainman05 said:

TOR is designed or rather, was designed, by US intelligence services to be serviced by spooks.

So it's not that it's good or bad or safe/unsafe, but it unsafe in that it makes you think you're safe... when in fact, for most day to day operations, you're not. I'm imagining you're not planning to surf the deep web, so for normal things you do on the internet, commenting on DP, watching youtube, reading reddit, checking the news... what do you need TOR for? You still log into DP with your account and somewhere, in the log, when you logged into DP without using TOR, there is your IP next to your account name... so what's the point.

All in all, it's stupid. There is no such thing as secrecy on the internet or anonimity, only on a superficial level.

Click to expand...

ChezC3 said:

You ask a lot of questions... Yes, lets say I'm trying to surf the deep web...

No, playing with you kids in the sandbox or reading Drudge wasn't a thought.

you make a good point with the IP/account previous exposure though...

Click to expand...

Rainman05 said:

ok, but there's nothing there for good people. You have like... what... half a million websites on the deep web, most of them hubs for drug dealers or pornographers or people hiring hitmen or whatever... some offering instructions on how to build a bomb. It's used by jihadi terrorists, drug lords, oligarchs, dark hat hackers, criminals of all kinds and also agents of various intelligence services of many countries. There is no reason to go there.

Do you know how TOR works? Or how the internet works? Then you know why it's not safe. When you are using the TOR network, you're ok, you're safe, nobody can track you where you are on the web unless you tell them. Like, if you are using TOR and then logging into youtube with your gmail account... that's kinda a dead giveaway. But if you don't do that, nobody can know what sites you're looking at. But, I don't need to, if I am the big bad agent. I am just looking at your IP and seeing that at time 18:21 you logged into TOR and then I lost you. So all I have to do is write your name in the bad boys list and some people will look into you. You'll be monitored, investigated, secretly or less so... and if it turns out you're just some guy who heard about this stuff and wanted to give it a go, then it's all fine... if not, you're targetted. So it's stupid. Don't go to TOR.

Click to expand...

ChezC3 said:

All of this is academic curiosity.. What you've warned is as I've figured for the most part but I am an inquisitive fellow... Checked out their site and read a few stories, peaked my interest and as I know some here at good old DP are in the tech sector -- upstanding citizens no doubt(though I have my suspicions about some of you and you know who you be) so I figured I'd throw a line out and learn a little.

As I said. I've read their site so yeah,I know how it works and all of its wonderful wonderful legitimate uses, I was looking for impartial feedback.

Click to expand...

Rainman05 said:

ok, well TOR works like a very intricate network... it's not relevant how it works, is that anyone can know when you're logging into it. I, as the NSA, can put a listening device on all outputs from all TOR servers. So I can know how many people, on TOR, have gone to see what websites, i just don't know from what real IPs they did that. So I know what IP goes there, because when you log into TOR, you get a new IP, that changes very often... but your real IP, 121.122.123.124, is completely hidden from me. But if I know that 100 people have logged into TOR, that's all the people that are using TOR now, and I see that 20 went to check out kiddie pr0n and 30 went to see jihadi websites and the rest just checked rabbit recipes or something as they would normally, you don't need TOR for that... I can focus in on the 50 troublemakers because they're the bastards. Ofc, in reality, this is a futile experiment since there are millions who use TOR, i think... i'd guess... idk. but its a safe bet.

But that's why you have people telling you to use TOR. Because what if it's not 100 people, but 1000 people... and only 50 troublemakers? Well... harder to find isn't it? What if they are 10k people. You have 10k logs showing that 10k people accessed TOR, so you know who accessed it... but you don't know what they're looking for and you're just looking for 50 people. What do you do? Violate the rights of 10k to get the 50? Or not... this is why I don't encourage people to use TOR because it provides a safer net for the scoundrels.

Click to expand...

Rainman05 said:

So I think I wrote a massive comment on this in science and technology subforum a while ago but let me write a few key bits for anyone confused on how the internet or how tracking goes.

You, me and everyone has an ISP-> internet service provider.
We all have an IP -> this is like your social security number only for your computer.
A computer can have multiple IPs depending on what network he's logging into. So say you have 3 ISPs, so 3 internet subscriptions, you have 3 IPs depending on which service you're using.

So lets work on a hypothetical example. You're Bob and your ISP is named CatCorp and your IP is 121.122.123.124
oK?

When you go to chrome or any web browser and type in google.com, your ISP will create a log of that event something like
Time: 10:12
Date: 22.03.2014 (yes, European date measuring time because the other kinds are retarded)
IP: 121.122.123.124
web addr: google.com

You want to look at cooking rabbit dishes?
Time: 10:13
Date: 22.03.2014
IP: 121.122.123.124
addr: rabbitdelight.com

So if I am the NSA, all I have to do is check that log and I can see what your computer has accessed at each time you accessed something. OK? This data is located on your ISPs servers. So your internet provider, the company you pay for internet, has this data. All of them do. They are required by law to have it.

If Bob wants to log into TOR.... well then, it says
time: 21:10
Date: 22.03.2014
IP:121.122.123.124
addr: www.torproject.org

Oh, what do you know... Bob is up to no good. That's what I would say if I were the NSA... and then I'd flag your IP and put a listening device on your computer and anytime you'd log into something or google something or go somewhere, I'd know because that listening device would tell me, the NSA agent, where you're going. I don't even have to access the ISP logs. And if you're going on TOR regularly... well... that's not very nice of you now is it?

So dont' go to TOR. It's stupid and it'll only get you into trouble.




ok, well TOR works like a very intricate network... it's not relevant how it works, is that anyone can know when you're logging into it. I, as the NSA, can put a listening device on all outputs from all TOR servers. So I can know how many people, on TOR, have gone to see what websites, i just don't know from what real IPs they did that. So I know what IP goes there, because when you log into TOR, you get a new IP, that changes very often... but your real IP, 121.122.123.124, is completely hidden from me. But if I know that 100 people have logged into TOR, that's all the people that are using TOR now, and I see that 20 went to check out kiddie pr0n and 30 went to see jihadi websites and the rest just checked rabbit recipes or something as they would normally, you don't need TOR for that... I can focus in on the 50 troublemakers because they're the bastards. Ofc, in reality, this is a futile experiment since there are millions who use TOR, i think... i'd guess... idk. but its a safe bet.

But that's why you have people telling you to use TOR. Because what if it's not 100 people, but 1000 people... and only 50 troublemakers? Well... harder to find isn't it? What if they are 10k people. You have 10k logs showing that 10k people accessed TOR, so you know who accessed it... but you don't know what they're looking for and you're just looking for 50 people. What do you do? Violate the rights of 10k to get the 50? Or not... this is why I don't encourage people to use TOR because it provides a safer net for the scoundrels.

Click to expand...

Cardinal said:

Couldn't you say all this about any vpn?

Click to expand...

ChezC3 said:

LOL, that was a selling point -- more people more what did they call it, relays, more people more relays. Definitely seemed like come join us flood the system...



Also said the State Dept. funds them. So....that's a red flag too...

Click to expand...

Rainman05 said:

Ah, no. A vpn stands for virtual private network. It basically extends a private network over the public network which is the internet.

TOR allows you to access the deep web, which you can't via VPN.

So basically ,a VPN keeps you safe (your IP untraceable, or so they say)but you can't access the deep web.
I don't trust a lot of VPNs. Ehm, I suggest you don't either because most are crap. You don't know, in truth, if a VPN is working or not. To you, it won't seem any different than using chrome incognito, as the end user. You don't see if it is working or not. So I wouldn't trust them.

Honestly, as a common plebe, like myself, the best thing you can use a VPN for is to change your IP to another country. Like, for australians, use VPN when you log into steam and seem american so you pay american dollars at american rates for games. But your entire life, you'll have to be an american by VPN to access steam or the charade is done for.

Click to expand...

Rainman05 said:

Ah, no. A vpn stands for virtual private network. It basically extends a private network over the public network which is the internet.

TOR allows you to access the deep web, which you can't via VPN.

So basically ,a VPN keeps you safe (your IP untraceable, or so they say)but you can't access the deep web.
I don't trust a lot of VPNs. Ehm, I suggest you don't either because most are crap. You don't know, in truth, if a VPN is working or not. To you, it won't seem any different than using chrome incognito, as the end user. You don't see if it is working or not. So I wouldn't trust them.

Honestly, as a common plebe, like myself, the best thing you can use a VPN for is to change your IP to another country. Like, for australians, use VPN when you log into steam and seem american so you pay american dollars at american rates for games. But your entire life, you'll have to be an american by VPN to access steam or the charade is done for.

Click to expand...

ChezC3 said:

Here's a practical question, I don't care about government tracking I mean I do, but if they wanna waste time on me, that's there business, but say, you know I don't want companies to track me when visiting their sites. Nothing pisses me off more than when I'm looking at a handbag for my wife as a gift and I have to deal with catered ads for, like, ever! That deals with cookies I think, but I'd just as soon not let them know I was there at all if I'm not buying anything.

Click to expand...

Cardinal said:

I would think there would be numerous ways to know if your vpn is doing anything, such as as what country's browser you come up with or when you go to google.com, or asking "what's my isp," or trying to use Hulu or Netflix from one country to another.

I had no idea about Tor's unique ability to access the deep web, and as I have little need for black market goods, no particular interest in it. Besides, I thought I read something to the effect that Tor was cracked by the NSA, and all the deep web people were scrambling for other options. Although, as necessity is the mother of invention, I'm sure they've found a few by now. For example, I hear that PGP is all the rage now, and even went so far as to set up a pgp protected email client, but upon discovering I had nothing interesting to send anyone I quickly grew bored with it.

Click to expand...

Honestly, as a common plebe, like myself, the best thing you can use a VPN for is to change your IP to another country. Like, for australians, use VPN when you log into steam and seem american so you pay american dollars at american rates for games. But your entire life, you'll have to be an american by VPN to access steam or the charade is done for.

Click to expand...

Rainman05 said:

Well, the technology was funded by the state department. But since then, like all technology, it grew and grew and became whatever it is now.

So yeah, don't use TOR. I know that a lot of people are concerned for their privacy, but rest assured, you never had it on the internet. There is no such thing. It is a lie. It's just superficial privacy, as in, I can make an account named rainman and post on DP. That's not security or privacy, it's some annonimity but it's superficial. As you, chez, you don't know what my real name is. that's it. the ISP knows who the **** I am.

Click to expand...

Rainman05 said:

Yes, exactly, which is what I said here, only for a different example.


Well, you can't crack TOR as in... inflitrate it because it's not one server. It's like, thousands of servers making their own network. You need to crack each individual server which is quite hard because they're not all protected under the same key. So, if I wanted to set up a server to host some illegal websites, I could do it by connecting it to the TOR network. I set up my own defense and firewalls and what naught on my server to protect it against being hacked and then I sell space on the server for whomever wants it. And some guy comes and makes a website for politics for the deep web and pays me 20$ a month for giving him a place to host his ****. So, it's not like you can crack TOR that easily. It's quite impossible. It's like cracking every server that hosts something for the interent, only on a smaller scale... but equally as difficult.

Click to expand...

ChezC3 said:

Here's a practical question, I don't care about government tracking I mean I do, but if they wanna waste time on me, that's there business, but say, you know I don't want companies to track me when visiting their sites. Nothing pisses me off more than when I'm looking at a handbag for my wife as a gift and I have to deal with catered ads for, like, ever! That deals with cookies I think, but I'd just as soon not let them know I was there at all if I'm not buying anything.

Click to expand...

Cardinal said:

Huh, interesting. I wish I could remember which forum I visited where I read a conversation about Tor being unreliable for secrecy so I could reproduce the context. Oh well.

I was aware of the methods you discussed in knowing whether your vpn was working, so I was confused when you also wrote "You don't know, in truth, if a VPN is working or not. To you, it won't seem any different than using chrome incognito, as the end user. You don't see if it is working or not."

Click to expand...

Rainman05 said:

Ok, so that is a way, yes... you delete the cookies and then you're safe as it were. Nobody can target you for specific ads but that's an exercise in futility because a month from you, because you looked at stuff and websites and they gave you some cookies and then when you went back, they knew what you searched for and stuff.

But that's just a defense for the smaller companies or rather, the small-to-medium companies. Or airlines. So I know that airlines are quite ****ty because they leave cookies and they'll increase the cost of an airline ticket if you keep going back to them. So say you want to fly from London to Paris, and you wanted to take Wizzair, if you, over the course of a week, logged in 10 times to check prices, at first it'll be 20$ then at the end of the week, well, 24$. Not because there are less seats or whatever, but because they saw that you're interested in that flight and decided that if you see the price will go up, you'll freak out and buy now.

But that's like, for small companies or small-to-medium companies or for companies who just haven't figured it out yet.

The new method is how facebook monetizes itself or how any data holder can make a ton of money, and that's with those logs I told you about. The same way the NSA can track you. Well, that's one.

One way is the facebook way, where they sell everything you are as a virtual person to a company. So you're a woman who is interested in beauty products, Facebook will sell your information to Mabelline or whatever... who will then send you an email saying "look at our promotional offers" or maybe it'll buy from google an add to be on the right side of your video on youtube for beauty products and whenever your IP goes to youtube to watch something, anything, you'll see an square box with Mabelline.

The second way is the way your ISP can sell you out, or how google can sell you out. But lets say your ISP and that's using those logs. Oh, over the last month you logged into javascript tutorial courses? well, lets sell your information to some online university which will send you an email saying "wanna learn javascript?, take our course!".

There is no defense against that except you know... if you wanna use VPN (one that works) but if not, then TOR, but you're aiding scoundrels... so it's catch 22. You know... I don't know how to make yourself impervious to the new add targetting method. Develop self-restraint, I don't know.

Click to expand...

Rainman05 said:

Well yeah ,but again, it's unreliable. So a VPN will make you an american online for 30min or whatever, but then you're a belgian... i mean it depends.

VPNs are ok, I guess, good ones are ok, great ones are good... but I don't bother. I mean, even if you were to watch porn online, go chrome incognito so that your autofill script doen't autofill embarassing stuff, and that's that. I mean, I don't know. to each his own. I work in this field, you know, php, javscript, html, web apps and ****... and I don't know of one convenient defense that won't screw me one way or the other.

Click to expand...

ChezC3 said:

so a vpn would do the trick as an alternative to tor is what you're saying? I was using the ads thing as an example, I mean I want that to stop, but I don't read every TOS for every app, site, yada yada so I was just looking for a way to click agree and thumb my nose at them from behind a locked door...

(to reenforce your comment Travelocity does that crap all the time, Mon 800 a person Fri 875 sneaky bastards,,)

Click to expand...

ChezC3 said:

so a vpn would do the trick as an alternative to tor is what you're saying? I was using the ads thing as an example, I mean I want that to stop, but I don't read every TOS for every app, site, yada yada so I was just looking for a way to click agree and thumb my nose at them from behind a locked door...

(to reenforce your comment Travelocity does that crap all the time, Mon 800 a person Fri 875 sneaky bastards,,)

Click to expand...

Rainman05 said:

Yes, but not for the deep web. You can't access the deep web without tor because it's a different network. The VPN just makes you someone else, gives you a private network, over the existing public one, the internet. TOR is not a public network.

So yeah, if you have to use something, use VPN but again, I live for this **** and I don't use it. Install programs that block adds on your browser... and you're golden. Run CCleaner for cookies every week or every month... and that's it.

I don't trust VPNs because the good ones are paid for and I like to have stuff memorized. I like to not have to log into DP every time I come to DP. I like not having to write my password every time I log into amazon because it remembers me. I like not having to do that for World of tanks. So it's a trade-off. With VPN, you have to do that. Every time you come to DP, you need to log in, write name and pass... and then what's the point of having VPN? If you want to go to amazon, you have to log in to order and then the internet, as in, anyone who wants to buy your data, will know that you bought X items from amazon and that's where your interests are because you shipped them to your home. So for me, it seems like an exercise in futility for day to day life.

but you know, that's just like, my opinion.

Click to expand...

Cardinal said:

The VPN I use gets consistently high ratings. In every technical forum, PIA is always in the top ten, if not the top 5.

I've never approached security in terms of a silver bullet, but as multiple layers.

Click to expand...

Cardinal said:

Not sure what you're talking about here. My vpn is on right now, and I can auto-logon to DP and Amazon just fine. Of course, I've specifically allowed cookies from those sites to be placed onto my computer.

Click to expand...

Rainman05 said:

Yes, but not for the deep web. You can't access the deep web without tor because it's a different network. The VPN just makes you someone else, gives you a private network, over the existing public one, the internet. TOR is not a public network.

So yeah, if you have to use something, use VPN but again, I live for this **** and I don't use it. Install programs that block adds on your browser... and you're golden. Run CCleaner for cookies every week or every month... and that's it.

I don't trust VPNs because the good ones are paid for and I like to have stuff memorized. I like to not have to log into DP every time I come to DP. I like not having to write my password every time I log into amazon because it remembers me. I like not having to do that for World of tanks. So it's a trade-off. With VPN, you have to do that. Every time you come to DP, you need to log in, write name and pass... and then what's the point of having VPN? If you want to go to amazon, you have to log in to order and then the internet, as in, anyone who wants to buy your data, will know that you bought X items from amazon and that's where your interests are because you shipped them to your home. So for me, it seems like an exercise in futility for day to day life.

but you know, that's just like, my opinion.

Click to expand...