229 comments

[ 2.8 ms ] story [ 245 ms ] thread
I'm surprised that they haven't bundled Arti, their Rust-based tor client implementation. I will say I am thankful for Tor Browser, but any JavaScript-enabled browser seems like the wrong choice for privacy and security.
I've basically come to the same conclusion having attempted to use a lot of Tor Browser's default config in Firefox. Most of it is a good idea, but trying to be untrackable while JavaScript is turned on seems futile. Every single browser's APIs are leaky as hell. No matter how many things are turned off or obfuscated, there's always a few unique-ish details that are exposed that create a fingerprint.

There was one point where my anti-fingerprinting tactics did appear to fool Panopticlick, but that apparently didn't last long. Fingerprinting and anti-fingerprinting are a cat and mouse game, and much worse so than just ad-blocking because there's more at stake than just being annoyed by banners. There's also way too many websites doing everything, and I mean everything with JS. Fricking blog sites half the time display nothing more than a motionless loading spinner if you don't have JS turned on. And if you turn JS on well good luck because lots of things want to use <canvas> to render things that don't even strictly need it, and you're really not going to casually enable canvas for certain things? Even the list of fonts is a decent metric for fingerprinting, yet that's rarely taken seriously because even privacy experts seem to believe that every website needs to display its own fonts for "brand identity."

Though I would stay away from Tor anyway, if I were to use it, JS would have to be turned off entirely.

My default browser is Librewolf with JavaScript turned off. If a page fails to load correctly, I reopen it in Firefox private browsing mode (or, if it still fails, Chrome incognito mode). If it’s a site I expect to come back to in future, I bookmark it in Firefox and assign it its own container using the Multi-Account Containers extension.
Security is always a compromise between competing concerns. A browser that cannot browse a significant chunk of the internet doesn't get used and helps nobody.
I installed the Tor Browser to access the Z Library a few days ago. I guess I shouldn't complain, but the downloads are very slow (I'm not sure if the problem is in my end).
In general connecting over Tor or I2p is slow.
Tor works by proxying through (at least) 3 PCs before hitting the open web. The problem is that you’re trying to download big files which is not a use case for tor.

It’s specifically for browsing the web anonymously.

Was it always 7? I seem to remember it being like 3-4?
Connecting to hidden services it's 6 hops, reaching out to the internet it's 3 hops.
For a circuit to clearnet it's 3. Guard --> Middle --> Exit. For a onion service it's 6 and the connection is a bit more complicated [0]. The speed varies from very fast to unbearable depending on your circuit and how bad the ddos is at that moment. [1] You can try to create a new and hopefully faster circuit by clicking on the onion symbol on the left in the address bar.

[0] https://github.com/mikeperry-tor/vanguards/blob/master/READM...

[1] https://status.torproject.org/issues/2022-06-09-network-ddos...

My mistake, updated my comment
In your defense I also wasn't sure for a minute and had to look it up. Could also have been three hops to the intro point from the onion service.
When I first starting using Tor in the mid aughts, I was using it to download movies and music. I remember talking with a security friend and he was like, "Bruh, what are you doing? That's not what Tor is for." and then launched into a 20 min rant about why I was misusing Tor and affecting other people using the service by what I was doing.

It was a good lesson and helped me realize what Tor should really be used for.

It's likely that downloading music and movies is actually helpful for those using TOR to "avoid death" - because it provides more cover and traffic.
Check Library Genesis (on the open web) before resorting to z-lib, as that's where z_lib got most of their content in the first place.
1) Arti is basically a prototype at this point, including it already would be reckless, 2) Arti is a client for the Tor protocol, and including it in the browser wouldn't have any impact if JavaScript ships enabled/disabled by default in Tor Browser, 3) if you really want to, you can easily change the "Security Level" in Tor Browser to disable JavaScript for all websites by default.

As an alternative for the last point, turn the Security Level to "Safest" or however it's worded, then use the included NoScript addon to enable it for just sites that just won't work without JavaScript. You get functional web + JS disabled in most places where you can.

Arti isn't ready for production use yet. Its a long ways away from being usable in TBB or as a full drop in for tor itself.

I think in a years time that will change.

Just FYI that HN is very anti-tor. I made this account via Tor just now to prove the point. It will be dead by default (unless someone "vouches" for it). It's a very user-hostile stance that HN takes (along with not letting you delete your account). It really makes you wonder what they're doing with all this data? Doxxing is almost a given.
Or they realize that letting Tor users makes spam explode.
most sites seem to treat Tor poorly, possibly due to abuse. well-used VPNs also can suffer from Google captchas etc. not that I like that fact, but it seems to be inescapable
Different poster here. This account and post were done over Tor. Let's see if this holds.

EDIT: Yup; dead on arrival.

it's more likely they do this to combat spamming. accounts created by Tor are more likely to be used for spam than for legitimate discussion, since Tor evades IP reputation.

I'm sure you could email @dang and ask to be un-shadow-banned, and he would do so.

Wouldn't emailing @dang be against the purpose of Tor, which is to enhance privacy?
> Wouldn't emailing @dang be against the purpose of Tor, which is to enhance privacy?

Just use webmail in your tor browser. And don't send it from your main gmail, but create a throwaway.

It's pretty hard to sign up for an email account over Tor. The closest I've seen is Protonmail, which will let you make an anonymous account in exchange for a Bitcoin payment.
disposable email services.
Neither Google search nor YouTube seem to work (other than very sporadically, presumably if they've not had chance to block an IP yet) over Tor, does GMail?
it makes you enter a captcha (not a recaptcha though oddly) and you need javascript on, but it is possible to sign in and use gmail over tor. idk about creating accounts.
How is HN anti-tor? Everyone can read your comment. Wdym by "vouching"?

Also, HN deletes your account when you them send a mail as stated in the FAQ. It always sucks to delete accounts with user comments, as it destroys context in old threads.

As spiders crawl the web humans should consider anything they post online as undeletable. If you send HN the beforementioned, there is a chance that I can still browse your posts via archive.org or google cache.

If you're afraid of doxxing, maybe make a second thought before hitting "reply".

> Everyone can read your comment. Wdym by "vouching"?

There's "showdead" profile setting that allows you to see flagged comments, and enough "karma" allows you to vouch for hidden-by-default content.

It's one of those hidden (somewhat) features: https://github.com/minimaxir/hacker-news-undocumented#flaggi...

Thank you for the link, I didn't know about half of the features listed there!
> HN is very anti-tor

If by "HN" you mean the site technology and administrative policy, this is quite untrue.

I always connect by Tor (simply because I connect to everything by Tor) and never experience any problems with;

  torsocks www https://news.ycombinator.com
FWIW my account here was created over Tor, and only later when I decided the site was kosher and a relatively friendly place did I decide to add personal details. I don't post here with any illusion of anonymity, rather Tor is part of my daily dealings with the internet for a generally pro-active security stance. I trust that a tool created by the US Navy with "defending and spreading democracy" in mind is fit to defend my own needs.

I hope that like Facebook, NY Times and the BBC, we may one day see a Hacker News hidden service onion address.

That said there does seem to be a negative attitude toward Tor from certain Cloud companies that Flares up here from time to time. They seem unable to reconcile individual desires for personal privacy technologies with their business model of defending free speech from DDOS attacks. It's a complex problem but I do wish they'd try harder yo get on-board with the programme in a world where threats to clients are at least as serious as those facing service providers.

> Just FYI that HN is very anti-tor. I made this account via Tor just now to prove the point. It will be dead by default (unless someone "vouches" for it).

Also, Wikipedia blanket-bans Tor because it make trivial to avoid bans and blocks.

"Just FYI that HN is very anti-tor..." @deadfromtor

Citations please?

Otherwise this is horseshit. Many of HN's users signed up and access HN from tor.

I /often/ utilize the tor browser to access HN. I've not had a single issue /ever/ with that.

Yup. Suspicious just like when reddit became hostile to Tor.

It's also a violation of the spirit of the internet. Tim Berners-Lee wrote about this in the December 2010 issue of Scientific American that any walled off website that blocks you from accessing it is unacceptable because it's not the web anymore.

For me old.reddit.com seems to work just as well with or without Tor (eg via Brave). The website served at the raw domain barely functions IME, so perhaps that's where the issue lie?
The problem is user account creation, usually.

Read-only access works pretty well in most cases (unless it is behind Cloudflare, then you're @#$%@#^%).

> unless it is behind Cloudflare, then you're @#$%@#^%

Try again, this hasn't been the case for a long time.

> Suspicious just like when reddit became hostile to Tor.

And any website using Cloudflare.

> any walled off website that blocks you from accessing it is unacceptable because it's not the web anymore.

It is a personal point of pride that LokiList allows posting over Tor. Not many clearnet sites do, especially without registration.

Does that restriction go away after you get enough reputation? Or does every single comment need to be vouched for even after several have been posted and accumulated upvotes?
The restrictions go away after a while, and in the meantime users can vouch for the comments that aren't trolling or spam. They did exactly that for your comment here, as well as for https://news.ycombinator.com/item?id=33898410.

This seems to me a reasonable design that balances the competing concerns. I like that both of these comments turned into examples of the system working properly. It's true that they had to wait a little before getting unkilled*, but that's not "very anti-tor" nor "very user-hostile".

(* 20 minutes and 10 minutes, respectively)

I created my account here using a MitM Squid SSL Bump proxy in a VPS provider and posted from that proxy for a few years. Once in a blue moon I would get rate limited, I assume because this site was being abused. AFAIK my posts were never affected by using my VPS proxies. VPS IP's and Tor exit node IP's are often treated as equally hostile by many sites but not here. I avoid Tor because every time I tried it there was just too much latency for me and I don't like someone else controlling the exit node.

I eventually stopped using the proxy here on HN not because of this site but Cloudflare and Google would grief me on so many sites that people submit here which made it hard for me to review them and submitting everything to archive.ph is time consuming. I keep the MitM proxy around in case I need to go to a very hostile website or if I want to leave a funny PTR DNS record in their logs.

The inescapable fact about Tor is that its traffic patterns make you stand out prominently.

Just the fact you’re using it automatically makes you interesting and worthy of a closer look.

All well and good if you’re just maintaining a cookie recipe site on the dark web, but it’s rarely ever that, is it?

Maybe this could be a good thing for business development?

Could we convert our "observers" into early customers?

(comment deleted)
The Brave browser has around 60 million MAUs and has Tor bundled with it, so Tor traffic is unlikely to stand out as much as before.
I believe the Tor feature of Brave is an optional setting, so I assume only a small fraction of their MAU use it.
It’s not a setting, it’s like their version of an incognito tab. You can right click a link to “open in tor”
Wow this is really cool. I need to look into Brave again.
Afaik, it does not use Tor from within the browser, but uses a proxy server into Tor. That could have changed though.
It would certainly make sense from a marketing perspective to claim it's using tor, and then have a tor-proxy service (think onion.cab) use tor for hidden services and also attempt to use tor for clearnet traffic but fail back to regular proxy if it fails.

If it were directly using tor then I'd have to agree that most people wouldn't use it. Only those that are technical enough to understand what's going on and the security aspects. But they wouldn't be using Brave for the Tor functionality, they'd be using Tor Browser.

It runs a TOR client locally and proxies all connections through that. It does not implement the privacy protections of the TOR browser tho.

Basically, using the TOR network as a VPN.

Not a VPN, TOR just runs as a SOCKS proxy on whatever device you're using[0]. Replacing the actual network stack at OS level was considered but iirc was decided against because it would require admin permissions.

The TOR browser and Brave do the exact same thing, it's just that the TOR browser is configured to not store anything and to make sure it's fingerprint to other sites is as generic as possible (this is also why TOR warns you about changing window size, it un-generalizes that fingerprint). Both ultimately are conveniences because messing with SOCKS proxy settings is rather unfriendly for most users.

If you use a Linux distro, I'd recommend checking out torsocks[1], it's a shared library + a shell script that lets you "onion-ify" any application pretty easily.

[0]: This also means you can connect basically every mainstream browser to TOR if you know the port the SOCKS proxy is running on.

[1]: https://man.archlinux.org/man/torsocks.1.en

They also have private windows without Tor and the users probably found out that Tor takes quite longer and works only half the time compared to the ordinary private window, so I wouldn't get my hopes up that it is adopted massively.

(Still, it's great they have done that.)

I don't see this on Android. I also can't seem to locate any related settings.
Similarly, as do the Trezor wallets.

Quite a few people involved in crypto send a bit of TOR noise across the wires using that client to do transactions

This is a good point, though. We need more and more things to use it (legitimately) so that the traffic alone isn't as suspect.

It'll always be a little suspect, I suppose, being only visible to exit nodes or whatever

This is a wrong conception. Using tor without Tor browser will make you stand out much more, since you're using a different browser. Not talking about non-browsers connections.
While this is true, it shouldn't make anyone more worthy of a closer look. It's the same argument used to justify mass surveillance. Trying to defend a Constitutional right to privacy, if one exists in your country, does not mean you are automatically trying to hide doing something wrong.
I didn't take the parent comment to be referring to governments. Most of the internet is made up of private organizations, many of which are interested in the traffic they carry.
Also you are providing cover to agents of US intelligence who use it
iirc IC still mostly uses burner shell companies for IPs, at least for running ops. Tor is fine for innocuous browsing but Tor exit nodes will stick out like a sore thumb in the victim's logs or IDS.
a closer look maybe, but unless they break Tor they'll only have a close look at your timing traffic.

if you're worried, you could use a popular VPN to connect to Tor - using a VPN is less interesting. also, P2P app developers could consider running non-exit nodes in their clients for popular apps. there shouldn't be legal risks unless you're running an exit node, and this adds more noise to the signal of Tor users.

Why are exit nodes more legally perilous than non-exit nodes?
they shouldn't be, but there's a practical difference in how often your house gets raided by FBI agents.

if a Tor user uses your exit node to email a bomb threat or access child porn, it's your source IP that shows up. the FBI should check your IP against the registry of exit node IPs, but if they don't it's still your door getting kicked in.

Exactly - and I've noticed there aren't very many exit nodes at all, small enough that I can start to recognize them by name.
Yea, there is only about 1000 (actually 1300, I just checked) exits - out of only ~6000 nodes total, the Tor network is actually kinda small.
So I guess the question is, how would one scale the number of nodes? Isn't that really what's needed then?
Yes, and it's needed. Running relays or exits helps the network.
Using a VPN to connect to Tor can decrease anonymity. The Tor wiki has a whole page about the topic https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlu...
the scenario I'm describing is "You -> VPN/SSH -> Tor" and your link says it's a fine idea.
Just keep in mind that your VPN/SSH provider now has the same visibility your ISP did.
Using a reputable VPN who claims no logs is much better than an ISP who gladly hands over logs.
Using a reputable VPN who claims no logs still places immense trust in that VPN provider. If you're a journalist or political dissident, it's possible your life is resting on that trust.

Alternatively, You -> ISP -> Tor -> VPN and paying with Monero obtained over Tor without ever having disclosed your ID or any revealing info means:

• Your ISP knows who you are, but not what you're doing (no anonymity, yes privacy). The connection to tor establishes privacy from ISP.

• Your Tor exit node sees you're connecting to a VPN, but does not know who you are, or what you're doing (yes anonymity, yes privacy). The routing of Tor establishes anonymity, but not privacy from the exit node. The connection to the VPN establishes privacy from the exit node.

• Your VPN provider knows a bit about what you're doing, but not who you are (yes anonymity, less privacy)

This offers additional protection if your VPN provider is compromised / lying about logging (you have no way to verify at any given moment, only that they weren't in past incidents that have gone to court, but this is no guarantee they can't be compelled to start logging your connections).

This also offers additional protection if your guard node and exit node are compromised, which is sufficient to deanonymize tor users.

What it does not offer protection against is all ISP's involved selling netflow metadata to a single party who uses timing and packet sizes to correlate traffic across all of these connections, like Team Cymru does with their Pure Signal Recon product (formerly called Augury).

If that scares you, I'd encourage you to look up what company actually owns and operates torproject's website, and how many contracts they have with governments, too.

assume there's an xkeyscore query logging Tor connections within the US. that's easy for the NSA to implement, and seems like something they'd do, and would capture all users directly connecting.

now, a foreign VPN isn't going to be connected to the xkeyscore dragnet like Comcast would be. I'm sure the NSA's pwned dozens of VPN providers, but beam-splitting all VPN traffic into a colo'd supercomputer isn't going to be stealthy. the best the NSA could do is watch for outbound connections from the VPN to Tor, then match the connection to your ingress using their access inside the VPN's infra. they can't do that in bulk without the VPN company catching on. that's a capability they'll save for going after individuals. just the fact you connected to Tor isn't suspicious enough to be worth risking burning their backdoor, for them.

the point is that connecting to Tor via a VPN keeps you out of the dragnets. and all the VPN provider learns is that you're using them as a gateway into Tor.

I once tried running a non-exit node and quickly found that a lot of sites would blacklist my IP regardless. Can't recommend.
There is also the inescapable fact that Tor was created by US Intelligence, specifically the US Naval Research Lab[0]. And according to FOIA documents it continues to receive a huge chunk of funding & resources from US Intelligence, particularly from the United States Agency for Global Media (formerly the Broadcasting Board of Governors), which supervises our propaganda channels Voice of America and Radio Free Europe/Radio Liberty[1].

As far as I can tell, the US Intelligence community has never explained it's aims/goals for Tor. The fact that Tor not only attracts the type of traffic that US Intelligence would have a lot of interest in monitoring, but also by design then funnels that traffic through a small number of exit nodes, makes it seem self-explanatory. But I wouldn't want to presume anything.

[0] https://en.wikipedia.org/wiki/Tor_(network)

[1] https://www.documentcloud.org/app?q=%2Bproject%3Athe-tor-fil...

You don't need (outdated) FOIA documents for that... Go to https://www.torproject.org/about/sponsors/ and you will see that they get money from the US government, if you want to know more about how much, go check the IRS 990 forms [1] or check the blog post that explains the 990, it also gives clear percentages on how much comes from where, [2]

[1] https://www.torproject.org/about/reports/ [2] https://blog.torproject.org/transparency-openness-and-our-20...

This part appears to be missing from the Tor website:

> 2,500 pages of correspondence — including strategy and contracts and budgets and status updates — between the Tor Project and its main funder, a Central Intelligence Agency spinoff now known as the Broadcasting Board of Governors (BBG). These files show incredible cooperation between Tor and the regime change wing of the US government.

So the documents acquired via FOIA requests are worth reading, and it's worth discussing why the US Intelligence community has such an active interest in propping up Tor.

(comment deleted)
It's pretty obvious that TOR is a helpful tool if you're doing spyshit in foreign countries.
That's what _they_ want you to think!

(finally I can say that and it may in fact actually be true for once! hahaha)

I use Tor Browser as my daily driver (for everything that doesn't need me to be logged into an account), for an on-principle protest against the out-of-control commercial surveillance that almost every Web site willingly participates in.

The federal government isn't in my threat model, and "you can't fight city hall".

AFAIK there are US intelligence agencies that rely on and use Tor for their agents abroad and US intelligence agencies that try to break it for their own reasons.
That’s probably one of the reasons that TLS over Tor has remained such a tough nut, with people who otherwise seem to have tinfoil hats claiming that it’s not needed because Tor provides enough protection. My opinion is that you want that end to end protection for the same reason you want it on the clearnet - to make so nobody along the way is sniffing your traffic. (that includes both exit nodes and any middle nodes that might be taking advantage of an unknown flaw or bias)

Having a bunch of Tor site certs in your MacOS keychain has its own issues, so what is really needed is a way for Tor browsers to accept those certs directly without using the OS trust stores. The current practice of authenticating the remote site by PGP signature would remain more or less the same - you just wouldn’t have exit nodes sniffing traffic.

I’m also convinced that the whole reason Google has pushed TLS so hard isn’t some noble quest to protect people’s privacy and freedom of speech - it’s more to keep people from blocking their advertisements, which isn’t nearly so sexy an argument, but it has brought good benefits for a lot of people.

> people who otherwise seem to have tinfoil hats claiming that it’s not needed because Tor provides enough protection

I've been on the side of advocating for it, but the other side isn't making an obviously ridiculous argument. The onion protocol itself negotiates an end-to-end cryptographic session, authenticated by the onion site's public key, between the onion site and the end user. There's not cleartext traffic sent between a Tor exit node and the onion site or anything!

My argument in favor of TLS to onion sites was that, at least as of onion protocol v2, the cryptographic session was not itself TLS, and its security and threat model hadn't been as extensively reviewed as those of TLS. So it might turn out that there was something suboptimal there that the rendezvous server could then use to perform a sophisticated cryptographic attack.

I don't know if this is still true of onion protocol v3 or if the client-to-onion-site session is now also based on TLS.

No, v3 isn't TLS either. TLS is only used as a connector between hops (so the client connect to a node using TLS, and the nodes connect to each other using TLS), but that is it. (I think, if I'm wrong do tell me. I didn't go check the spec)
You seem to mix up a lot of stuff here. The Tor Project thinks TLS for onion services is unneeded because they ARE end to end encrypted by design. The address itself is an ed25519 public key. And exit nodes are not involved in connecting to an onion service at all.

For connections to the clearnet it was always highly recommended to only use TLS and recent Tor browsers have now finally enabled https only mode that displays a big warning if you try to connect to a http server.

> but it’s rarely ever that, is it?

Maybe I'm unique, but my dark net activity is usually pretty tame. The number one reason I use Tor is because browsing onion sites reminds a bit more of how the web used to be in the late 1990s. Lot's of garbage of course, but a lot more serendipitous discovery than the web today.

Because of its anonymous nature Onion sites are inherently resistant to being swallowed whole by advertising. Nobody on the dark web is creating "content marketing", if someone is trying to sell you something it's obvious. You're not the product on the dark web.

I know it's wishful thinking, but I often hope for a parallel web to really thrive on Tor.

If I may ask (provided you’re comfortable with disclosing) what kind of content do you find there that’s genuinely interesting?
Personal blogs in my case. I find a similar landscape on Gemini. I really dislike the noise proeuced by ad-sponsored websites.
While not Tor, I browse I2P websites from time to time. tracker2.postman.i2p is a great torrent tracker if I want to easily get access to leaked material I read in the news about. And planet.i2p to see newly "registered" websites. Content on those websites vary, but I've stumbled upon a couple of blogs, ranging from the mundane, to conspiracy theory blogs, which are also fun to read. It really does give you that 90s internet feeling.
A surprising number of "clarinet" (er clearnet spellcheck) sites have onion sites, if you use Brave and TOR it sometimes shows up a little onion in the right telling you there's an onion version available.
The regular tor browser does this too.

Nytimes.Com is an example.

> I know it's wishful thinking, but I often hope for a parallel web to really thrive on Tor.

Me too. Wish every blog and web site out there was a hidden service instead. Especially this one.

Sounds like I should use my session for multiple unrelated activities while using Tor, to cover only for one of them (before changing my fingerprint)
Tor can be made substantially less obvious if you make sure the bitrate and packet timings over each 'hop' of users connections are fixed.

Eg. each client sends out 1000 1 kbyte packets per second to each peer, once per millisecond. Inside each packet, they send the onion encrypted user data. The rest of the packet is filled with rand().

Without that protection, any network attacker can do packet size and timing analysis to unmask nearly any user rather quickly.

Is that individually tunable, or are you suggesting something that the project would have to change in their code?
It would only be effective if at least some proportion of clients used it.

If just a single client used this option, their traffic path, all the way to the exit node, would stand out to any network attacker.

I took class in IT privacy back in the day. Exactly this idea came up. And while it really disables certain kinds of timing based attacks, the problem is it doesn't scale. If everyone did this, it seems the network would be flooded.
I'm not sure if only the client does the padding, or if the padding also occurs at intermediate hops, but Tor does randomly pad traffic by default (from manpage of torrc):

       CircuitPadding 0|1
           If set to 0, Tor will not pad client circuits with additional cover
           traffic. Only clients may set this option. This option should be
           offered via the UI to mobile users for use where bandwidth may be
           expensive. If set to 1, padding will be negotiated as per the
           consensus and relay support (unlike ConnectionPadding,
           CircuitPadding cannot be force-enabled). (Default: 1)

       ReducedCircuitPadding 0|1
           If set to 1, Tor will only use circuit padding algorithms that have
           low overhead. Only clients may set this option. This option should
           be offered via the UI to mobile users for use where bandwidth may
           be expensive. (Default: 0)
Padding is always positive. That means every packet will always have its size increased, but never decreased. With a mixture of packet sizes, and flows, it's still only typically ~30 or so packets to identify a flow with this padding. That means a typical user might have anonymity for perhaps 1 additional second using this option...

Basically - this option doesn't serve it's intended purpose.

A colleague at a former academic job was questioned by campus police because he was one of a handful of people on the university network connected to TOR when a bomb threat was submitted (I forget how, though) from an IP address running a TOR exit node. Bomb threats from students were pretty common during exams, so after the cops saw that it was our very privacy conscious dev ops guy they didn't pursue him as a suspect. If the person who did it connected to TOR from the university network to submit a bomb threat to duck an exam, they definitely deserve to get caught. I think that qualifies as "just enough knowledge to be dangerous."
Sometimes it goes the other way too. In my high school, a handful of kids wore all black every day. They were harmless valley girls/guys if you spoke with them. I figured they _wanted_ to be seen as a threat.

Why would someone make a legit bomb threat? Isn't the point of the bomb for it to explode?

I suppose some people might just want to destroy infrastructure and not kill people directly (give people an opportunity to evacuate).
Two historical examples: The Weather Underground regularly and the IRA occasionally called in their bombs in advance order to reduce/remove civilian casualties. They tried to give enough time to evacuate an area but not enough time to find and defuse the device.
I wore all black as a high school student. It fit with my subculture intersts and I just dug the dark aesthetic. I knew other people found it to be unsettling but figured they should probably be more open minded and judge people for what they do and say rather than how they look... I was right, too. Cops disagreed. The nice part is how pleased people were to find out how pleasant I was to talk to.
The replies have reminded me to mention that I shouldn't judge so quickly and that a handful of those all-black-clothes-all-day-regardless-of-weather school mates were and some still are my friends. I still believe there is a message that is trying to be delivered via one's threads but it can be a plethora of messages rather than just "fear me". EOM.
It is, in my case. All my system updates run over Tor. I do it to generate noise.
This is one of the main reasons why I keep using Tor daily. The more people use Tor for normal browsing, the less interesting it becomes to be a Tor user, the better the anonymity for everyone else.
I also use Tor sometimes for the sole purpose of muddying up the waters for investigators.
Similarly, I use it to train my internal neural net to better answer Cloudflare CAPTCHAs.
Quoting Phil Zimmermann:

What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity.

Would tor be better off if a major (millions of users) free software or browser vendor added always-on tor exit nodes to their releases?

The only solution to this problem that I can see is massive no opt-out adoption until a tipping point is reached.

You can use pluggable transports to camouflage your traffic (they're already built into the Tor Browser, e.g. snowflake, obfs4 ...).
Even if you run it over a VPN connection?
Yes, you just stand out to the VPN provider instead of your ISP. The VPN traffic itself makes you stand out to your ISP but in a different way.
> All well and good if you’re just maintaining a cookie recipe site on the dark web, but it’s rarely ever that, is it?

No, it isn't rare. Plenty of people use Tor for casual browsing without triggering invasive ads and similar. It just works.

> The inescapable fact about Tor is that its traffic patterns make you stand out prominently.

I'm curious as to how it stands out. I can imagine a few things, like an ISP seeing traffic to known TOR intermediary nodes, or maybe analyzing packets to look for some sort of handshake?

> Just the fact you’re using it automatically makes you interesting and worthy of a closer look.

Sort of. But what would looking do? What does looking mean? The traffic is encrypted, they can look all they like. In the US they'll need more than "they connected to TOR" to get a warrant to search your device.

I don't know if this is true, but I've read that if you plug in the tracking number for a package at USPS.com through Tor, the package will be flagged for inspection.
Source? Because this reeks of urban myth FUD.
It's known from leaks that showing an interest in Tor is enough to get you on an NSA list. But this list was so incredibly broad that anyone with an interest in technology was/is probably on it, diminishing its usefulness to actually discriminate anyone.

https://www.propublica.org/article/heres-one-way-to-land-on-...

I mean how do they do it? In terms of the technology/ fingerprinting approach.
I use it when looking up drugs and medical conditions. If the NSA wants to spend their budget connecting me to searches about sumatriptan or plantar fascitis then that's a useful (useful to me, fuck the NSA) waste of their time. If not, then it creates noise for the rest of the network.
> if you’re just maintaining a cookie recipe site on the dark web

Some people just want privacy. No need to have an specific "cookie recipe" activity: they would just browse the New York Times, but in full reassurance of anonymity - as they believe is normal.

(And by the way: "«brows[ing] the New York Times»" - as a sequence of actions - is not a neutral activity, but already a profiling one.)

Could we maybe not on this website use the term glowie considering it's explicitly sourced from a neo nazi and a phrase involving the n word. seems like maybe not real in line with HN rules....
It originated from Terry Davis the creator of TempleOS, but okay I get your point.
True I miss remembered the details. but it has been so amplified by neo nazis that wikitionary sources them as popularizing it .
/pol/ popularized it through him since they were big fans
I thought glowie was a term used to describe undercover FBI/CIA agents. It's in frequent use in leftist (communist/anarchist, not liberal democrat) forums.

Is there actual substance behind this claim of its origins or is it yet another tired attempt to rewrite language for no particular reason?

So I guess Mozilla isn't working on unforking tor browser?
They are probably not satisfied that Tor doesn’t have a deplatforming mechanism.
I'm glad this knowledge and discussion is still alive and well. F them for this.
Can you elaborate on this? I think I'm missing some context.
Based on their blog post where they want more deplatforming capabilities https://blog.mozilla.org/en/mozilla/we-need-more-than-deplat...

There was also a comment from one of the Tor foundation members about how they wish they were able to deplatform kiwi farms from tor but it’s technically not possible.

Ah thanks. Never saw this. I read that post as almost "deplatforming doesn't work" (a statement I tend to agree with) but I guess the word "more" implies they support deplatforming AS WELL AS other things. Interesting.

I would kind of hope Mozilla sees themselves as neutral carriers. Maybe that's not the case. Still better than Google though.

> they wish they were able to deplatform kiwi farms from tor but it’s technically not possible.

Well, then they built it correctly!

It seems to me people like this want technological solutions to problems rooted in culture and economics. I think the best solution is don't stop people from saying bad things, instead teach others to know when not to listen to the bad things. I guess it's a new phase of humanity though...Dunbar's number might not be changing, but who's in a person's circle is now wildly distributed. I'm not sure of a great solution to people believing birds aren't real or that Qanon isn't a pimply teenager on 4chan, but banning morons from Twitter isn't a real solution. Interesting times.

On a network that hosts CSAM and drug markets, the worst thing is a gossip forum.
Regardless of the issues with TOR itself, or the areas where I disagree with Tor Browser's approach, I love the project anyway because they're great about identifying and tracking all the things Firefox does that could put our privacy at risk. Having more eyes on Firefox update after update is wonderful and I've been incorporating many of their setting changes for years. I hope they can keep doing what they do for a long time!
It's sad to see that Apple Silicon gets extra treatment and arm64 work suddenly gets done while for Linux it's still amd64-only. With Signal it's the same and they also don't offer arm64 builds.

Nowadays it's very easy to build for arm64 - you either go the way with cross compilation or you go the way with full qemu binary emulation which is as simple as it gets because you would build within an arm64 docker image, e.g., docker.io/arm64v8/alpine or docker.io/arm64v8/ubuntu and qemu-static handles the emulation (it will be slower than cross compilation but as long as speed is acceptable you can go this easy way).

All comments here focus on extreme cases: The police viewing you as a possible suspect, FBI becoming interested in you etc.

Here is a much more mundane problem: Using Tor (even a VPN) while logging in to most big Silicon Valley firma that make money with your data (LinkedIn, Facebook, Tinder etc.) will result in your profile being suspended REAL FAST with the only way out to upload your gov't ID, i.e. complete deanonimization (perhaps as a kind of punishment).

Any solutions?

I struggle with the very same problem. Even connecting a real physical SIM won't protect accounts from suspension. This is crazy because it isn't based on behavior on the platform (like posting too much or liking too much) but merely on the IP and browser fingerprint.

Unfortunately, no solutions in sight.

The solution is simple. Don't use a site that abuses your privacy.
Stop using those services. This is a clear message that you cannot use them privately.
C'mon, for a forum of hackers that's a pretty lame answer, isn't it? :P
People from a forum of hackers should be above depending on Big Tech corporations for anything. Easier said than done but it should still be the general goal.
weird that facebook would suspend you for using tor when they have an official onion service.
It's a similar story with Twitter. I guess those onion services should be seen more as "censorship-resistant funnels to siphon your data" rather than anonymous ways to use the service. (Although I'm not sure how many situations there are where Facebook is blocked but Tor is accessible.)
For the last 2 years I've been using FB via their onion service with Tor, no problems with account so far
I once spoke with someone who knew someone who ran an exit node in Europe. He told crazy stories with police knocking every once in a while.

Also the legal structure to do that was tricky, because you want to avoid the police searching your house; you'd also like tl spread responsability on multiple shoulders. So you have to create a kind of non-profit organization and run the exit node through that.

It's very hard work and we should be thankful for the people who do it.

Does anybody know more about how exit nodes are being run?

I ran one in my student housing wardrobe a decade or so ago.

I too have some stories, but no one ever met up with me in the flesh.

Come on then, no need to be coy.
For example, once or twice people called me (somehow) and asked why I was hacking their websites. I tried to explain, but I doubt I convinced anyone.
How would a non government entity get a physical address or phone number from an IP ?
Social engineering can be very powerful. Small ISPs could fall victim to this easier.
May I ask: That wasn't enough for you to stop operating a Tor node? People were abusing others thanks to your specific personal efforts and you just said: "eh, it's still worth it". How do you determine that it's still worth it?
Do you make the same overclever statements when someone abuses freedom of the press?
There is nothing overclever about it, the tech is obviously being abused by criminals. The question around whether it's worth it to enable some "freedom of the press" is apparently enough to evoke some anger within you.
All tech is abused by criminals. Should an ISP close up shop when one of their subscribers is proven to be a hacker? Likewise, we could argue that many of the legitimate technology companies should be considered criminals. With a few strokes of the pen, they could one day be criminals.

My first interaction with Tor I purchased some weed on Silk Road. All very much illegally then and less so now. Things change and are not always quite right to begin with. I’d wager that many readers here now have legal retail access to euphoria inducing cannabis products that they did not at the time of that transaction on SR.

Also. I understand that Tor isn’t always secure and I may have messed up. But whatever. Even as some obfuscation I’m ok with it. Anyone interested could track the payment and find me.

Rather than playing coy, you should tackle the challenging part of your argument head-on: tell us why you think Tor is different from other technologies that are routinely abused. That would actually be a substantive contribution to the discussion.
Why do I have to tell you this when it should be instantly obvious: Tor is literally designed to obfuscate the identity of people. A coffee machine isn't.
I assume that since you think that desiring anonymity is criminal that you wouldn't mind replying with your full legal name.
So you think people in oppressive regimes should voice their opinion and/or whistleblow with no identity protection and risk... death?

You either have haven't thought about this topic very long, or you're just a troll.

I'm curious if you are also opposed to encryption in general. How about https? Should all traffic be http?
>Why do I have to tell you this when it should be instantly obvious

Because it's only instantly obvious until you consider it for a moment. By your logic, literally any privacy-preserving technology, be it disposable email services or *69 on your telephone, are morally unjustifiable.

Drop your pen, cause that is a tool abused by criminals to make atom bombs (ultimately).
Some statistics from one of my servers regarding Tor abuse. From 1130 abuse IPs in my http access log 4 are Tor exit nodes and from the 1905 ssh bruteforce attacker IPs 3 are Tor exit nodes. Stop operating Tor nodes would therefore reduce the abuse by basically nothing but take Tor from the people that need it.

>eh, it's still worth it

Yes it's totally worth it.

My abuse logs for the last two years have overwhelmingly been from compromised Chinese devices, and Spanish servers. Not sure why Spain is so often used, but Tor abuse cases are few and far between.
> Does anybody know more about how exit nodes are being run?

They have a good list of points on the Tor site. The most important ones are usually to distance yourself from the exit node and make it obvious what it does so you don't get entangled into whatever is going through the node.

https://blog.torproject.org/tips-running-exit-node/

(comment deleted)
Do Not Run An Exit Node!

very few people have legitimate uses for an exit node. And it is a security nigthmare for everyone (you owning their crimes, them being at your MiTM attacks mercy, etc)

But Do Run A Tor Node!

everyone should join tor and it should become the main net, with only tor traffic.

An ISP doesn't own the crimes that an attacker sends through them.
Well, I’m going to burn some karma by agreeing with you.

Running an exit node is a bit like operating a no questions asked gun shop in downtown (some deprived city).

Sure, there’s perfectly legitimate reasons to own and therefore sell a gun to someone, but that particular shop will be in the business of facilitating crime - and that’s a bad thing and therefore not a moral occupation.

If you run an ISP, chances are 100% that people will use it to feed their pornography and gambling addictions. That ISP will be in the business of ruining lives. Does that make running an ISP am immoral occupation?
> Running an exit node is a bit like operating a no questions asked gun shop in downtown (some deprived city).

It's not quite like that. For some use cases that could be a correct metaphore. But for others, it's more like running a self-defense class in a well respected neighborhood.

> But Do Run A Tor Node!

Just a word of caution, while running a non-exit node is obviously safer from a legal point of view, the entire list of active tor nodes isn’t secret, and there are enough people in the world that do not understand how tor works that the chance is non-zero that you’ll still end up on a block list somewhere for simply being a “tor node”, even though you never let any of the tor traffic out on the Internet.

I know for a fact this can happen because it happened to me.

Happened to me too. Worked from home and it showed up I was logging in via Tor. They were not pleased.
Google shows anti-bot challenges if you run a non-exit relay.
I'm running exits since about 9 months. Have been running non exits for over a decade before. The exits are run by a non-profit (a Swiss Verein) and use the recommended setup like described in the blog post. The ISP knows it's an exit, it has a page on port 80 describing it and a PTR record that contains tor-exit.

No contact with the police till now.

If you would like to support the Tor network but don't want to run nodes yourself you can donate to one of the relay associations https://community.torproject.org/relay/community-resources/r...

Thanks for doing this. Early 2010s, I provided free wifi when I lived across the street from a subsidized housing block. I tunneled all their traffic through Tor (including DNS via a hacky script).

I was too much of a coward to take the risk of the police breaking down my door because of something done by some random person using the free wifi. Thanks to others like you who were braver than I was, a bunch of folks had free Internet access.

But then weren't you leaking all their HTTP traffic to a possibly malicious exit node?
These are people who connected to a random open wifi network. Tor exit nodes were probably the least of their worries.
That's no justification for adding a known-malicious network to the list.
Good point. I considered adding more details, but felt they were off-topic to the purpose of my post, and didn't want to have the "thank you, brave soul for running an exit node. Your actions might enable other good things that you might not have expected" message lost in noise.

There was a captive portal page (another hacky script running as a CGI) where the user had to agree to, "not be a dick" to continue. And, the user also had to agree that they were aware that others, who were dicks, could be accessing their data if it was not encrypted and gave the example of http vs. https in the address bar of the browser.

There was also a picture of an onion on the captive portal page, and a link to a FAQ which talked about open wifi and Tor. Exit nodes were not geo restricted, so if nothing else, the warnings and explanations allowed the users to understand why sites often seemed to think they were in a different country.

There is a limit to what people are able to digest about a subject that is not one they focus on. But, the warnings (right on the main captive portal page; without having to navigate to the FAQ) were sufficiently scary to encourage caution.

The most likely available alternative would have been public access terminals in the library, or other open wifi for those with portable devices. Public access terminals could be running keyloggers and worse. Even if the public terminal is free of malware, the non-technical user might just close a logged in browser tab/window, not realizing that is not sufficient to log them out.

Yes, even with users being careful about looking for https in the URL bar, some websites are broken and use https for their login page, but use http for their session cookies. But, trying to protect from these incompetent websites would require shutting down all public wifi everywhere (OWE [opportunistic wifi encryption without authentication] did not exist yet).

I think my open wifi (and open wifi generally, as well as Tor) were/are a net good. If, after this additional detail you still disagree, then we will just have to disagree.

You went above and beyond with it all, yes I was mainly concerned how informed the users were and agree open wifi and Tor are a net good. Appreciate the writeup!
While supporting funding more nodes is a noble goal another concern I consider overlooked is the potential 'centralisation' of nodes e.g how a large number of Tor nodes are hosted in Germany and near countries and the implications for network surveillance.
I once tweeted something like:

> "For those of you interested in running an exit node, just be safe. Always remember to run it via your company's VPN to ensure the safety of those making passage through."

The engagement was nuts and the sheer amount of people who use ToR but were unfamiliar with what a statement actually says was frightening.

I've been running exit nodes in europe for years and not even a call from the police, what's wrong with me? huh? ;)

I do regularly handle abuse complaints by blocking IPs or other actions.

Have you been blocked by any major services? I've heard horror stories from colleagues of their static IP address eventually being blocked from their bank.
I've had my IP blacklisted for running a non-exit node, just a relay. So it's definitely a thing.
Running an exit from your home IP is a very, very bad idea so he most likely has rented a server somewhere and is running the exit node there.
I'm sure they have been blocked, many times. Some online services simply fetch the tor exit node IP lists from the tor project and block them all pre-emptively.

The thing is that I rotate my tor nodes every other month, manually. No pipeline setup for this yet. So I destroy old VPS and create new ones with the same signing key and family in the node info.

I suspect you're talking about running an exit node at home, or on an IP-address that matters. That's a stupid thing to do.

It is widely suspected that the US NSA runs a large number of Tor exit nodes themselves. Tor was originally developed by a US military research lab and received additional funding under the justification that it would help dissidents in China and North Korea evade their country's censorship and surveillance. It also doubles as a way for the US government to surveil anyone seeking to evade surveillance as well.

See the sources cited at: https://en.wikipedia.org/wiki/Tor_(network)#Exit_node_eavesd...

> It also doubles as a way for the US government to surveil anyone seeking to evade surveillance as well.

Supposing they own now enough Tor node, which the Wikipedia link is unclear about

It seems like a reasonable claim judging by how much easier and cheaper it is to spin up 10s of thousands of nodes than it was a decade ago. Even a wealthy person with a miniscule fraction of the US defense budget could do the same.

Idk if there is a technical solution to this attack problem.

There are solutions, but they come at a steep cost with regards to usability, so would shrink the anonymity set to what would be an unacceptable level for the uses Tor cares about. The reality is that these attacks, while theoretically possible, require more work and money than the rewards justify (you can't just bulk buy nodes from a provider, Tor doesn't allow connections that route to the same host or close IPs, and does somewhat regularly block relays that were all created suspiciously close chronologically without identifying as the same operator), so are considered an acceptable risk. Snowden was willing to rely on Tor, the rest of us who just want some extra privacy will be just fine.
> It also doubles as a way for the US government to surveil anyone seeking to evade surveillance as well.

On a technical level, exit node operators aren't supposed to be able to trace the origin of data flowing through them... so this indicates a failure of protocol.

Unless you control enough nodes. Tor was never designed to be 100% surveillance proof
It's surprising to me that those people haven't been arrested yet. People get raided for far lesser offenses compared to running Tor exit nodes.

Exit nodes are a mistake. The web is a lost cause by now. Most sites already consider access through Tor to be abuse. Exit nodes are also the focus of the deanonymization attacks that I've seen. The Tor hidden service network should be strengthened instead. We should launch hidden services instead of web sites.

You don't arrest people because someone does something you don't like, you arrest them because they break the law. Running an exit node is not illegal.
How much do you believe what this book (by Yasha Levine, writer for Wired, New York Observer, etc) states — that Tor is funded by the CIA and has backdoors?

https://www.amazon.com/Surveillance-Valley-Military-History-...

It is 100% false that Tor was funded by the CIA. However, it is a very well documented fact that Tor was initially funded by the US Naval Research Laboratory, which also has a mandate for international intelligence gathering. Get your organizations right.
“ In May 2020 we found a group of Tor exit relays that were messing with exit traffic. Specifically, they left almost all exit traffic alone, and they intercepted connections to a small number of cryptocurrency exchange websites. If a user visited the HTTP version (i.e. the unencrypted, unauthenticated version) of one of these sites, they would prevent the site from redirecting the user to the HTTPS version (i.e. the encrypted, authenticated version) of the site. If the user didn't notice that they hadn't ended up on the HTTPS version of the site (no lock icon in the browser) and proceeded to send or receive sensitive information, this information could be intercepted by the attacker.”

This seems like a dumb way to exploit an http downgrade attack. Far better, would be to redirect the user to a fake looking https site and collect the user data there.

As with many such attacks, a password manager can help mitigate or WebAuthN. Though I am not sure how that would play with Tor and the privacy guarantees users are looking for.

I've tried to use Tor, but it seems the majority of of websites will just straight out block you if you do, so it doesn't seem of much use.
Perhaps, if we encourage more people to use privacy preserving tools like Tor browser, signal, etc., then privacy for everyone will be normalized again. One can only hope
Somehow I knew if I looked at these comments, I'd see the top poster be something like "I know someone, who knows someone, who heard from someone else that this one time in bandcamp..."