Re: [tor-talk] Escape NSA just to enter commercial surveillance?

[juan <juan.g71@xxxxxxxxx>]

On Fri, 15 Jan 2016 19:36:24 +0000
Ben Tasker <ben@xxxxxxxxxxxxxxx> wrote:

> > Yes it does, unless the proxy server 'shares' information with
> > facebook.
> 
> By using a proxy, you're placing trust in the proxy operator, both to
> have configured things appropriately (I've seen some advertised as
> anonymous where X-Forwarded-For has been left enabled, deliberately
> or otherwise) and not to be actively malicious (i.e MiTM), or a
> honeypot run by another entity you don't trust.


	Well you can come up with personal anecdotal evidence about one
	misconfigured service or two. And yes, obviously, you are
	'trusting' the proxy operator.

	Fact remains : in the vast majority of cases a single ordinary
	proxy will prevent a company like facebook from
	learning where you are or who you are. 

	I think VPNs are routinely used by people who share files -
	something considered a 'crime' by the criminal mafia knonw as
	'government' - and yet the identity of those people isn't
	compromised. 

	...and using the bittorrent network is more risky than logging
	into NSA-Facebook.

	...and notice how the tor project isn't too interested in
	protecting people who do file sharing from the criminal western
	governments. 

	https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea

	""don't run Bittorrent over Tor". We've been saying for years
	not to run Bittorrent over Tor, because the Tor network can't
	handle the load; " 



	
> 
> With the HS, you're trusting Tor. Advance as many theories about the
> US Govts involvement as you like, but you're unlikely to convince me
> they'd sacrifice the outwardly displayed principles to help Facebook.

	I didn't explicitly say "to help facebook". 


	My point here is that connecting to facebook through tor
	doesn't make sense, except perhaps in some twisted use case
	like CIA agent in 'oppressed regime'. Then again, that's the
	reason why tor exists, not to help subjects of western
	'democracies'.


> 
> > whereas tor is magically protected from compromise.
> 
> No, but in Facebook's case you'd need to compromise the HS's private
> key and obtain a publicly trusted TLS cert issued for that HS.
> 
> Not impossible, but certainly challenging.

	It all depends on who the 'attacker' is and what he wants to
	know. 

	Again, hiding your location from facebook is easy. And  likely
	pointless too, since facebook's business is to spy on their
	users. You may be able to log into facebook using your real
	name and a proxied address but what does that accomplish,
	exactly?


> 
> Theoretically, someone could try and attack the dirauths or another
> part if the infrastructure you hit before Facebook, but would it be
> worth risking detection for Facebook?
> 
> In both setups, there's the risk FB themselves could try and implement
> something to identify the user's location of course, but that's a
> different kettle of fish.
> On 15 Jan 2016 19:20, "juan" <juan.g71@xxxxxxxxx> wrote:
> 
> > On Thu, 14 Jan 2016 23:08:14 +0100
> > creo <creo-tor-lists@xxxxxxxxxxxx> wrote:
> >
> > > Am 2016-01-14 18:52, schrieb juan:
> > >
> > > > Philipp Winter <phw@xxxxxxxxx> wrote:
> > > >
> > > >> Logging in to Facebook over Tor reveals your identity,
> > > >> but not your location.
> > > >
> > > > any garden variety proxy achieves the same result.
> > >
> > > No, it does not.
> >
> >         Yes it does, unless the proxy server 'shares' information
> > with facebook.
> >
> >
> > >
> > > You may be able to force the proxy operator to hand over your real
> > > IP address since they also have to comply to law and regulation
> > > based on the country they are operated in.
> >
> >         facebook doesn't have yet an army or global
> > 'jurisdiction'...
> >
> >         now if you're talking about the criminals known as the 'US
> >         government'(who fund tor) that's of course a different
> > story.
> > >
> >
> > > Also, a proxy may be compromised.
> >
> >
> >         whereas tor is magically protected from compromise.
> >
> >
> > > Due to onion routing, suing a relay operator won't get you such
> > > information. Guard nodes know who is talking to them, but not
> > > where they're going. Exit nodes know the destination of the
> > > communication, but not who's the originator, and middle nodes are
> > > blessed with ignorance on both ends.
> >
> >
> >         I know all that. My point is that so onion routing isn't
> > really needed if all you want it to hide your location from facebook
> >         or even from anybody else who can't threat to murder proxy
> >         operators like the US government(who fund tor) does.
> >
> >
> >
> > > It's dangerous to hint people to use proxies
> > > in order to get their locations hidden - their traces are just
> > > moved to another system, they're not gone.
> >
> >         Ah yes. They are not magical like tor.
> >
> >
> >         And of course it is not dangerous to promote tor, a system
> >         creted and controlled by the US military.
> >
> >
> > >
> > >
> > > - Daniel
> >
> > --
> > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk