I mean, there are a couple of major points against it: it was originally developed by the CIA, the US government still funds quite a bit of its development and upkeep, and it’s intrinsically vulrnable to de-anonymization of traffic if a bad actor manages to control or spy on enough nodes (namely, if they are simultaneously spying on all of the nodes in your circuit), and the vast majority of Tor nodes are based in the US and EU, specifically the 5/9/14/69/420 eyes countries. Tor seems mainly intended for US intelligence use and also for political dissidents against socialist countries (or just any country the US hates). It’s no coincidence that Tor traffic spikes from whatever country a colour revolution is taking place, like Iran and Russia as two recent examples, which is very apparent if you download Snowflake (which creates a small Tor entry node/bridge on your computer) and monitor which IP addresses are connecting to it.
At the same time, we’re also very explicitly political dissidents and therefore we absolutely need ways to protect our data privacy and security. So… Should communists, especially ones actively campaigning for socialism/communism, be using Tor to anonymize their traffic? I’d instinctively say no but thinking more about it I actually don’t know for sure. Is there a risk it can be booby trapped for us. Are there any alternatives? Anyone familiar with Tor’s architecture who’s able to weigh in on how big a risk it is for us compared to benefit?
Excluding user error (technical or having an identifiable fingerprint), the only way someone can decrypt communication through Tor is if they have access to all three nodes in a circuit. If you also send the Tor packets through a VPN (not letting the VPN create them, of course), they’d also have to have access to the server host to get your IP address. If all of this does happen, the worst-case scenario is still no less secure than not using Tor.
Regardless, the most important thing is that communication is encrypted through some other protocol like Matrix (and that you’ve verified the recipient’s cryptographic keys in person beforehand) – there isn’t much even a government can do to decrypt it as long as the encryption algorithm is solid and quantum-proof, and using technology like Tor can help hide the unencrypted metadata (e.g. the destination IP address) as well
Thank you for the info
Should one use a vpn + tor, or just tor alone?
deleted by creator
That’s not how it works, unless you’re allowing the VPN provider to create the Tor connection rather than doing it yourself (which is a “feature” offered by some providers, and that does almost entirely defeat the purpose of using Tor, aside from exposing a different IP address to the destination). If you’re using Tor Browser normally, you’re creating and encrypting the packets to send to the first Tor node in the circuit locally; the only thing exposed to the VPN server is that you’re sending a Tor packet and what the first node is, not the entire circuit or what the packet contains
deleted by creator
There are many opinions about this. I use both (locally creating packets for Tor, then sending them through a VPN connection) just in case a circuit happens to be completely accessible by a single actor (probably the Amerikan government). The only downside I see with this is that it’s a bit slower than just going through Tor, but it doesn’t matter for my use cases. In the worst-case scenario (an entire malicious circuit and a malicious VPN), it’s not going to be any worse than just going through my malicious ISP