I mean, there are a couple of major points against it: it was originally developed by the CIA, the US government still funds quite a bit of its development and upkeep, and it’s intrinsically vulrnable to de-anonymization of traffic if a bad actor manages to control or spy on enough nodes (namely, if they are simultaneously spying on all of the nodes in your circuit), and the vast majority of Tor nodes are based in the US and EU, specifically the 5/9/14/69/420 eyes countries. Tor seems mainly intended for US intelligence use and also for political dissidents against socialist countries (or just any country the US hates). It’s no coincidence that Tor traffic spikes from whatever country a colour revolution is taking place, like Iran and Russia as two recent examples, which is very apparent if you download Snowflake (which creates a small Tor entry node/bridge on your computer) and monitor which IP addresses are connecting to it.

At the same time, we’re also very explicitly political dissidents and therefore we absolutely need ways to protect our data privacy and security. So… Should communists, especially ones actively campaigning for socialism/communism, be using Tor to anonymize their traffic? I’d instinctively say no but thinking more about it I actually don’t know for sure. Is there a risk it can be booby trapped for us. Are there any alternatives? Anyone familiar with Tor’s architecture who’s able to weigh in on how big a risk it is for us compared to benefit?

  • TheAnonymouseJoker@lemmygrad.ml
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    2 years ago

    So I will give the simplest and ideal tip to use Tor, as a veteran user of the network. Exclude 5/9/14 Eyes exit nodes depending on how much your comfort level is, and how serious or personal your activity is.

    You can use TailsOS on USB stick (safest method), or for high convenience use Tor Browser on Linux desktop or Android. If you want high degree of customisation on Android, use Invizible Pro and setup a barebones browser for Tor usage through it. It allows to exclude exit nodes of whatever countries you want, but this method requires expertise as Invizible is complicated.

    I see a lot of weird and wonky notions and advice in this thread. Every OPSEC has user as weakest link, and they are the ones to decide and be conscious of what and how to share. Some handy tips are metadata cleansing of files, encrypting whatever you send with atleast strong AES-128 passwords or OpenPGP encryption, and using OS platforms that give you security and privacy (any mainstream Linux distribution for daily use and TailsOS when using Tor is sufficient).

    Also, the notion that just using a computer or internet means FVEY can see everything, is inherently false. This is misinformation levels of paranoia. There are reasons why activism has become stronger with digital tools. Assange and the likes were not caught because digital tools failed them. It was because they were too high profile and at some level, real world needs you to share some form of your credentials for authenticity. These problems are a consequence of OPSEC among large, influential groups, which demonstrates how OPSEC is never just a personal battle, but something one needs to deal with, with anyone you are related or connected to in real life or real world work.