This post glows so hard I'm going to need a pair of sunglasses.
this post was submitted on 09 Sep 2023
42 points (90.4% liked)
Privacy
29831 readers
646 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
Wait, is the joke about me being CIA? Cause I’m not CIA 100%
That's exactly what a fed would say
It’s simple. If you ask a cop if he’s a cop, he’s like, obligated to tell you. It’s in the Constitution.
breaking bad reference
Crooks getting their infallible legal advice from Hollywood screenwriters…
Sue the person your interested in for something, maybe defamation, get a deposition done, and as part of the questioning have the lawyer ask if they work in law enforcement.
Under oath, they have to tell you if they are a cop. heh
The 7th Street Litigators - A crew of rough and tumble gunners, use this method to screen new members.
Most tor users got caught because of bad OPSEC, not because of the tor network itself…
Maybe, parallel construction confuses the quality of ToR a bit. If I was a APT and compromised ToR I wouldn't want anyone to know, so i would use parallel construction to always have a non-ToR reason for a take down.
Bad opsec and hubris/idiocy.
So we need other security methods besides using Tor? Like what?
Not using anything Google/Microsoft related would be a good start.
Followed by no JavaScript, no browser plug-ins, etc.
Don't do illegal activities.
What signal fiasco?
You should read the Tor foundation documentation before trusting your freedom to it.
You can be tracked on Tor, but the question is by who, and when. If you login to gmail over tor then google knows your using tor. If you access tor from your home computer then your isp knows your using tor.
If your threat model includes Advanced Persistent Threats at the nation state level, then they can do Cybill attacks and control enough nodes that they could track you.
"illegal activities" doesn't always mean buying crack cocaine, or whatever. depending on where you live it can mean:
accessing wikipedia, forming communities, performing union activities...
in other words, the ruling class of your country decides something being threatening their power, and that becomes an illegal activity.
of course everyone can be tracked. also everyone is not julian assange, so i'm not so worried about using tor for "illegal activities".
What I meant with Signal fiasco is, they didn’t published server code for a year and the fact that they’re a US establishment. It’s not looking that bad but I’m not going to trust them anymore.
ToR was started by the US Navy and still gets funding from the navy every year. ToR is a tool used by the US for spooks and spook assets globally. The only reason it was made public was to generate enough noise to hide the spook talk.
So applying your logic means you shouldn't use ToR either.
Hmm, maybe you’re right. But still its not like they didn’t released the source code for a year.
https://github.com/signalapp/Signal-Server
Its there now, but you never know what they are really running on their servers. In end to end networks, you should never trust the network, only the clients.
I think you need to take time and model out your threats, the EFF has tools to help you do this, then choose the tools that match best.
You’re right. Thats why I like Matrix more than Signal now.
Also I’m not looking for a security method to escape from a specific target. It’s all curiosity about general security.
matrix leaks metadata to the servers much worse then signal, just FYI. Hating how a team runs is different then then risk profile of the product.
Don't like emotions cloud your decision making
I'm not hating. I just like keeping my half encrypted data on my own server instead of fully encrypted on someone else's server.
well, your own server and every other server you've ever connected to.
Signal fiasco?
I guess the phone number leak, I wouldn't really call it a fiasco though
That was also a hack on Twilio. Signal itself wasn't compromised in any way if I am not wrong.
I said "fiasco" because they did not share the backend server repo for a while and did not make any statement about it. Maybe a little overreaction than it should be. But for an app that promises privacy, it's kinda annoying.
Oh that, yeah that was pretty bad tbh
Signal went closed source for ages, just simply stopped publishing their source code. Happened with the server and the client. Pretty shitty thing to do if your whole ad spiel is about how you can trust them because they're so open and transparent.
Or maybe it was the weird blockchain coin thing they added into Signal, that left a bad taste as well.
Please don't do anything illegal...
As long as you stay ^far^ ^far^ away from Javascript, you should be fine.
On a serious note, if I'm not mistaken, most cases of ToR users identity being uncovered is via information the user either unintentionally leaving information public, or privately told another user, which was made public due to a betrayal or a security breach.
In most other cases involve security flaws in ToR clients not the network, again if I'm not mistaken.
smart move to add that note, they nearly send out a swat team
@iso depends if you click on this click: https://dowloadtor.melroy.org
Were the link go? I'm too spooked to click
The Curiosity of the human mind is the weakest link.
WDYM I just downloaded Tor Browser from there and its working as expected. But interestingly it was Chromium based.
It's a fake link.
Isn't Tor browser based on Firefox?
Yes.
I'm intrigued. What is that link?
The Curiosity of the human mind is the weakest link.
Actually, that's what makes us better. Even if the price is death of one for knowledge of the whole race
I fully agree with you ;) .. Although a lot of animals are curious as well. But I mean it's one of the weakest links in terms of security. The human is the weakest link.