I mean, there are a couple of major points against it: it was originally developed by the CIA, the US government still funds quite a bit of its development and upkeep, and it’s intrinsically vulrnable to de-anonymization of traffic if a bad actor manages to control or spy on enough nodes (namely, if they are simultaneously spying on all of the nodes in your circuit), and the vast majority of Tor nodes are based in the US and EU, specifically the 5/9/14/69/420 eyes countries. Tor seems mainly intended for US intelligence use and also for political dissidents against socialist countries (or just any country the US hates). It’s no coincidence that Tor traffic spikes from whatever country a colour revolution is taking place, like Iran and Russia as two recent examples, which is very apparent if you download Snowflake (which creates a small Tor entry node/bridge on your computer) and monitor which IP addresses are connecting to it.
At the same time, we’re also very explicitly political dissidents and therefore we absolutely need ways to protect our data privacy and security. So… Should communists, especially ones actively campaigning for socialism/communism, be using Tor to anonymize their traffic? I’d instinctively say no but thinking more about it I actually don’t know for sure. Is there a risk it can be booby trapped for us. Are there any alternatives? Anyone familiar with Tor’s architecture who’s able to weigh in on how big a risk it is for us compared to benefit?
Tor was actually created by the US navy to protect US naval intelligence officers, reconnaissance teams, and for communication with nuclear submarine forces.
The government sees all on Tor. It does absolutely nothing to protect you.
Plus due to it’s construction, using it for any type of real time communication like Lemmygrad would be nearly impossible.
This is correct. The rabbit hole goes deep with Tor’s development, but most importantly, your privacy is locked to whoever controls the exit nodes, which is out of your control, and usually a completely unknown party.
VPNs are much safer imo, but things like browser fingerprinting make them more and more circumventable.
The thing about having three different nodes is that even if every single one of them is malicious, they can’t do anything unless they can all be accessed by a single actor with the decryption keys for all three (intercepting the encrypted Tor packets isn’t enough). Amerika certainly controls many Tor nodes, but AFAICT most of them are still private individuals, so Tor makes it significantly more difficult to surveil your activity, despite the origins of Tor and the shady connections of some of the Tor developers. It definitely does do something to protect you, even if it’s highly flawed.
A trusted VPN would be the best solution (possibly in combination with Tor), but finding one worthy of trust isn’t easy, and you can only really confirm a negative w.r.t. their trustworthiness
I heard that by using tor and a VPN, one kind of cancels the other out. Is that not the case?
no, not unless you let the VPN handle the Tor connection, which is not the case if you use something like Tor Browser with the default settings
Could you explain browser fingerprinting?
This one looks like a good intro: geekflare.com/browser-fingerprinting
Thank you. That’s helpful, albeit scary af.
Yup, its pretty scary. I just checked, and every browser I have, even the hardened ones, fail at this: https://www.amiunique.org/