I mean, there are a couple of major points against it: it was originally developed by the CIA, the US government still funds quite a bit of its development and upkeep, and it’s intrinsically vulrnable to de-anonymization of traffic if a bad actor manages to control or spy on enough nodes (namely, if they are simultaneously spying on all of the nodes in your circuit), and the vast majority of Tor nodes are based in the US and EU, specifically the 5/9/14/69/420 eyes countries. Tor seems mainly intended for US intelligence use and also for political dissidents against socialist countries (or just any country the US hates). It’s no coincidence that Tor traffic spikes from whatever country a colour revolution is taking place, like Iran and Russia as two recent examples, which is very apparent if you download Snowflake (which creates a small Tor entry node/bridge on your computer) and monitor which IP addresses are connecting to it.
At the same time, we’re also very explicitly political dissidents and therefore we absolutely need ways to protect our data privacy and security. So… Should communists, especially ones actively campaigning for socialism/communism, be using Tor to anonymize their traffic? I’d instinctively say no but thinking more about it I actually don’t know for sure. Is there a risk it can be booby trapped for us. Are there any alternatives? Anyone familiar with Tor’s architecture who’s able to weigh in on how big a risk it is for us compared to benefit?
Tor was actually created by the US navy to protect US naval intelligence officers, reconnaissance teams, and for communication with nuclear submarine forces.
The government sees all on Tor. It does absolutely nothing to protect you.
Plus due to it’s construction, using it for any type of real time communication like Lemmygrad would be nearly impossible.
This is correct. The rabbit hole goes deep with Tor’s development, but most importantly, your privacy is locked to whoever controls the exit nodes, which is out of your control, and usually a completely unknown party.
VPNs are much safer imo, but things like browser fingerprinting make them more and more circumventable.
The thing about having three different nodes is that even if every single one of them is malicious, they can’t do anything unless they can all be accessed by a single actor with the decryption keys for all three (intercepting the encrypted Tor packets isn’t enough). Amerika certainly controls many Tor nodes, but AFAICT most of them are still private individuals, so Tor makes it significantly more difficult to surveil your activity, despite the origins of Tor and the shady connections of some of the Tor developers. It definitely does do something to protect you, even if it’s highly flawed.
A trusted VPN would be the best solution (possibly in combination with Tor), but finding one worthy of trust isn’t easy, and you can only really confirm a negative w.r.t. their trustworthiness
I heard that by using tor and a VPN, one kind of cancels the other out. Is that not the case?
no, not unless you let the VPN handle the Tor connection, which is not the case if you use something like Tor Browser with the default settings
Could you explain browser fingerprinting?
This one looks like a good intro: geekflare.com/browser-fingerprinting
Thank you. That’s helpful, albeit scary af.
Yup, its pretty scary. I just checked, and every browser I have, even the hardened ones, fail at this: https://www.amiunique.org/
According to Sakai, communists should not be relying on digital tech to protect secret comms at all. This is in his talk on security (it’s on archive.org). Communists must expect that anything shared digitally will be intercepted. The tech can be as secure as it likes, but humans / human error remain (s) the weak point. And the best way to guard against humans with bad intent is to learn to spot bad politics.
Sakai is right, as usual. Whenever you use a computer, you are being watched.
That’s what I assume, too. And to reiterate a few other points…
We should be very careful in suggesting that any software is safe. Even besides human error, comms can be hacked, with tech or by infiltrators. And there will be no indication that this is happening; they’ll let revolutionaries plan and even act, then arrest them after, with a huge file of evidence to either flip them (the ideal, as now they don’t even need to code break encryption or to send an undercover agent) or lock them in solitary forever (less ideal, but effective).
This isn’t to say there’s no advantage in taking precautions. Nobody should be making it easy for e.g. Google and Facebook to harvest data, etc.
But even if communists can’t protect their own comms, there’s a broader picture. Sakai talks about people who say ‘I’ve got nothing to hide, so I don’t mind talking to police’. The problem is that if the ‘innocents’ talk, the list of suspects narrows considerably.
Secret services have files on everyone. If they know of 100 people who go to protests, five of which are very tall, and they’re looking for someone very tall who was cheeky to a police officer and they have train records showing that two of the five were out of town, they only need two others to say ‘it wasn’t me’ to find the person they’re looking for.
All intelligence is intelligence, whether it’s positive or negative. It’s safest to assume that all secure channels are being watched and assume that negative data (about non-actives) and positive data (about actives) will be used to create a clearer and clearer picture of the world, which will be used to fight communists.
Even ‘benign’ data has it’s use. E.g. if it is known who rents and who has a mortgage or owns their place outright, it will be known who is more likely to go to a protest about rent controls, and once this is known, it is also known where to position the undercover agent who is tasked with smashing windows to make it look like the protesters are violent.
I remember seeing that Snowden severely reworks his phones to make him as untraceable as possible. He made a whole twitter thread about it, though I’m having trouble finding it, but I do recall him saying to take out certain hardware out of the phone, using a special microphone, never using wifi (especially at home), and many other things. Anyway I mention this because one would have to do a lot of physical adjustments to a phone to be able to communicate privately and even then it’s no guarantee…
Btw @redtea@lemmygrad.ml your link only leads to archive.org’s home page. I’m guessing this is the work you were referring to?
Ah, I didn’t mean to make a link, but to refer to where the talk could be found. It’s this one: https://archive.org/details/basicpoliticsofmovementsecurity/mode/1up
Anything that could lead to you possibly being convicted of a crime should not be said on a computer, period. Unless you’re not afraid of going to jail lol
Make sure to mention it’s all in Minecraft/j
It was a funny meme for awhile until the actual authorities made a note of it to take threats with “Minecraft” in them seriously.
Move on to Fortnite or some other inferior game I guess/s
Dungeons and Dragons
I just wanna add the exception that confirms the rule, use tails.
Compared to a VPN, Tor is vulnerable to botnet replacing half or more of the nodes on your route and replacing your exit node. On the flip side, a VPN, since it’s a singular target, is vulnerable to CIA agents with guns.
Based on the replies I’m going to have to start using carrier pigeons, which is honestly not a bad idea, they’re good birds.
Messenger ferrets is an option, too, but you need an intricate network of tunnels.
At this point I’ll have to train my dogs to discreetly deliver rolled up parchment paper with invisible ink when passing people out on walks lol.
My suspicions are confirmed—the dogs in the pic are comrades!
Excluding user error (technical or having an identifiable fingerprint), the only way someone can decrypt communication through Tor is if they have access to all three nodes in a circuit. If you also send the Tor packets through a VPN (not letting the VPN create them, of course), they’d also have to have access to the server host to get your IP address. If all of this does happen, the worst-case scenario is still no less secure than not using Tor.
Regardless, the most important thing is that communication is encrypted through some other protocol like Matrix (and that you’ve verified the recipient’s cryptographic keys in person beforehand) – there isn’t much even a government can do to decrypt it as long as the encryption algorithm is solid and quantum-proof, and using technology like Tor can help hide the unencrypted metadata (e.g. the destination IP address) as well
Thank you for the info
Should one use a vpn + tor, or just tor alone?
deleted by creator
That’s not how it works, unless you’re allowing the VPN provider to create the Tor connection rather than doing it yourself (which is a “feature” offered by some providers, and that does almost entirely defeat the purpose of using Tor, aside from exposing a different IP address to the destination). If you’re using Tor Browser normally, you’re creating and encrypting the packets to send to the first Tor node in the circuit locally; the only thing exposed to the VPN server is that you’re sending a Tor packet and what the first node is, not the entire circuit or what the packet contains
deleted by creator
There are many opinions about this. I use both (locally creating packets for Tor, then sending them through a VPN connection) just in case a circuit happens to be completely accessible by a single actor (probably the Amerikan government). The only downside I see with this is that it’s a bit slower than just going through Tor, but it doesn’t matter for my use cases. In the worst-case scenario (an entire malicious circuit and a malicious VPN), it’s not going to be any worse than just going through my malicious ISP
The Internet is largely a creation of the defence advanced research projects agency, yet we are using it. Yet we should still use it, just be aware that you’re probably being monitored online at all times, if you’re gonna do illegal shit then don’t talk about it anywhere online even with tor.
I was told once that the internet was originally an explicitly anti-communist project from DARPA. This intrigued me yet I have never been able to answer this question. Do you have any knowledge on the subject?
It’s a communication system that was originally designed to be resilient against attacks on the physical infrastructure. The interconnected machines on the Internet communicate amongst themselves and if one node or a line connecting them is taken out then the packets of data can go in different directions to attempt to find their destination. This allows any two machines to communicate as long as there exists a route that connects them even while other connections may be destroyed. This could give the usa some ability to maintain communication in the event if a nuclear exchange and so it could be said to be a technology designed to give an edge to the USA in the event of nuclear war with the soviets, I don’t think this makes it explicitly anti communist though it is possible that was oke motive or justification for its development .
Thanks for your input
What do people think of i2p?
AFAICT, unlike Tor, I2P doesn’t seem to also be designed for clearnet access, instead focusing on their “eepsites” (roughly equivalent to Tor’s onionsites)
The problem with Tor is that it’s a tool of the US intelligence services. By using it, one provides traffic for them to hide their own communication.
Yes but this pours into the no ethical consumption under capitalism idea.
deleted by creator
Anyone know of any?
deleted by creator
I’m flattered but I hardly qualify as everyone on this site let alone on the left or even in the world. I personally don’t know.
deleted by creator
👍
So I will give the simplest and ideal tip to use Tor, as a veteran user of the network. Exclude 5/9/14 Eyes exit nodes depending on how much your comfort level is, and how serious or personal your activity is.
You can use TailsOS on USB stick (safest method), or for high convenience use Tor Browser on Linux desktop or Android. If you want high degree of customisation on Android, use Invizible Pro and setup a barebones browser for Tor usage through it. It allows to exclude exit nodes of whatever countries you want, but this method requires expertise as Invizible is complicated.
I see a lot of weird and wonky notions and advice in this thread. Every OPSEC has user as weakest link, and they are the ones to decide and be conscious of what and how to share. Some handy tips are metadata cleansing of files, encrypting whatever you send with atleast strong AES-128 passwords or OpenPGP encryption, and using OS platforms that give you security and privacy (any mainstream Linux distribution for daily use and TailsOS when using Tor is sufficient).
Also, the notion that just using a computer or internet means FVEY can see everything, is inherently false. This is misinformation levels of paranoia. There are reasons why activism has become stronger with digital tools. Assange and the likes were not caught because digital tools failed them. It was because they were too high profile and at some level, real world needs you to share some form of your credentials for authenticity. These problems are a consequence of OPSEC among large, influential groups, which demonstrates how OPSEC is never just a personal battle, but something one needs to deal with, with anyone you are related or connected to in real life or real world work.
I use a VPN, and e2e for some stuff, other stuff I don’t, I don’t say shit on the internet that could be used to get me shot anywhere in the world, I travel a lot for work and cannot risk being arrested in some country for not shutting up online.
We’re strongest in public. How does one build a mass-movement in private?