I was going to leave a comment on the linked page that a link to the project's budget should be prominent. I couldn't, because to do so, I had to either login via discord or github. Seems a bit ironic.
I tried contributing all of my $40 worth of Brave BAT currency (earned from ads) via contribution button in Brave. However it seems I can not as i'm treated with the following message: "This creator is unable to receive contributions from Gemini"
> charitable giving from individuals from the U.S. decreased by 10.5%
Well you see it's been a rough year for the CIA, all of their budget is tied up on monitoring the situation in Ukraine so they had to cut some corners.
Am I wrong to assume that Tor is effectively a US government project at this point? It may allow people to bypass local internet controls (in some cases including government-imposed internet controls), but I would assume it is not truly anonymous.
"At this point"? It was always a US military/intelligence project, it just happened to be useful for their purposes to launder their traffic by making it available to civilians. It's never exactly been a secret, and the project has seen a fair amount of scrutiny for this fact.
Yes but isn't the previous poster more concerned about ownership of the infrastructure that IIRC might allow to identify users and not of the code base which is openly linked to the US government?
The government uses TOR itself so it has some incentive to both operate infrastructure and also try to make sure it actually delivers on its anonymity claims. If they screw that last part up, their HUMINT sources die.
There was a contract from US government to develop the software that is now known as Tor. That was 20 years ago. The project has been ran in the open by a non profit ever since. No doubt the US agents still use the network but saying it's a "US military/intelligence project" at this point is silly.
On iOS, Tor used to recommend using the Onion browser (they probably still do, I haven't checked). Some time ago, the onion browser changed how it connects to the Tor network to use Orbot instead of connecting directly.
I can not help but see this as a malicious change.
Orbot directs all traffic from my phone through the Tor network. If an iPhone is secretly pinging some backend server for telemetry / looking for automatic updates / etc, then all those pings will now happen from the Tor exit node, effectively completely deanonymizing the user.
It's a trivial matter for an adversarial agent to ask apple for lists of all hits from a specifc tor exit node and identifying information from that user, and cross check that against whatever traffic they are trying to deanonymize.
I might be misinformed here, but I would love to be corrected about why anyone should trust Tor enough to access it from an iPhone anymore.
If you're the kind of guy who worries about the kind of entities who can ask Apple for information and get it, you probably should not be using an iPhone to begin with.
I hate this response. Not wanting your belongings to leak private information about you is not a desire only elite global hackers have. It should be the norm, especially when law enforcement routinely abuses their authority, double especially when the third party doctrine lets them get the data without a warrant, and triple especially in the age of global mass surveillance.
TBH your response ignored the actual inquiry. And the actual inquiry annoying assumed malice instead of doing a few minutes of research of why this change was made.
This is all true, but then if that's your desire then why are you using an iPhone? The only reason this is an issue is because you can't control what random data an iPhone might send out.
And you know the criteria used for data requests? Do you know whether by virtue of a piece of metadata whether I (an innocent) would be included in a data request?
If you can’t protect non-Tor users from wrongful classification by the government, then you dang well better protect the privacy of everyone, whether you like it or not.
> If an iPhone is secretly pinging some backend server for telemetry / looking for automatic updates / etc, then all those pings will now happen from the Tor exit node, effectively completely deanonymizing the user.
Tor picks different exit nodes for different destination servers.
30 comments
[ 4.8 ms ] story [ 71.9 ms ] threadYou may even be able to give it directly to a contributor.
Well you see it's been a rough year for the CIA, all of their budget is tied up on monitoring the situation in Ukraine so they had to cut some corners.
I can not help but see this as a malicious change.
Orbot directs all traffic from my phone through the Tor network. If an iPhone is secretly pinging some backend server for telemetry / looking for automatic updates / etc, then all those pings will now happen from the Tor exit node, effectively completely deanonymizing the user.
It's a trivial matter for an adversarial agent to ask apple for lists of all hits from a specifc tor exit node and identifying information from that user, and cross check that against whatever traffic they are trying to deanonymize.
I might be misinformed here, but I would love to be corrected about why anyone should trust Tor enough to access it from an iPhone anymore.
Unfortunately, this is due to API limitations.
If you can’t protect non-Tor users from wrongful classification by the government, then you dang well better protect the privacy of everyone, whether you like it or not.
The new non-deprecated iOS APIs does not allow per-webview proxying/vpning.
https://github.com/OnionBrowser/OnionBrowser/issues/47
Also, you can disable Orbot for non onion traffic, or enable it for all traffic. Either way, not a good situation on iOS world at all.
Tor picks different exit nodes for different destination servers.