Re: [tor-talk] Escape NSA just to enter commercial surveillance?

On 01/15/2016 01:11 PM, juan wrote:

I like your attitude, juan, but recommending proxies is dangerous :(

> On Fri, 15 Jan 2016 19:36:24 +0000
> Ben Tasker <ben@xxxxxxxxxxxxxxx> wrote:
>>> Yes it does, unless the proxy server 'shares' information with
>>> facebook.
>> By using a proxy, you're placing trust in the proxy operator, both to
>> have configured things appropriately (I've seen some advertised as
>> anonymous where X-Forwarded-For has been left enabled, deliberately
>> or otherwise) and not to be actively malicious (i.e. MiTM), or a
>> honeypot run by another entity you don't trust.
> 	Well you can come up with personal anecdotal evidence about one
> 	misconfigured service or two. And yes, obviously, you are
> 	'trusting' the proxy operator.

Avoid free ones, for sure. Some are botnet exits. Some drop malware.

> 	Fact remains : in the vast majority of cases a single ordinary
> 	proxy will prevent a company like facebook from
> 	learning where you are or who you are. 

It's possible. But most users will not know how to test, and will just
blindly assume that they're safe.

> 	I think VPNs are routinely used by people who share files -
> 	something considered a 'crime' by the criminal mafia known as
> 	'government' - and yet the identity of those people isn't
> 	compromised. 

VPN services, as long as they don't leak or fail open, are actually
fairly safe for torrenting and streaming. But those are not "crimes".
You get sued for copyright violation. When there are "crimes" involved,
LEA go after VPN services and their ISPs, and all bets are off.

> 	...and using the bittorrent network is more risky than logging
> 	into NSA-Facebook.

That's debatable. It depends on what you're doing on Facebook.

> 	...and notice how the tor project isn't too interested in
> 	protecting people who do file sharing from the criminal western
> 	governments. 
> 	https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea
> 	""don't run Bittorrent over Tor". We've been saying for years
> 	not to run Bittorrent over Tor, because the Tor network can't
> 	handle the load; " 

Like it or not, the Tor network doesn't handle torrenting well. But even
if it did, it's hard to configure Bittorrent apps to use Tor safely. You
need to use a Tor-gateway, or at least set firewall rules that only
allow outgoing traffic through Tor.

>> With the HS, you're trusting Tor. Advance as many theories about the
>> US Govt's involvement as you like, but you're unlikely to convince me
>> they'd sacrifice the outwardly displayed principles to help Facebook.
> 	I didn't explicitly say "to help facebook". 
> 	My point here is that connecting to facebook through tor
> 	doesn't make sense, except perhaps in some twisted use case
> 	like CIA agent in 'oppressed regime'. Then again, that's the
> 	reason why tor exists, not to help subjects of western
> 	'democracies'.

And like dissidents in China, Iran, etc. CIA agents, too, I admit. But
also Triad agents and so on.

>>> whereas tor is magically protected from compromise.
>> No, but in Facebook's case you'd need to compromise the HS's private
>> key and obtain a publicly trusted TLS cert issued for that HS.
>> Not impossible, but certainly challenging.
> 	It all depends on who the 'attacker' is and what he wants to
> 	know. 
> 	Again, hiding your location from facebook is easy. And likely
> 	pointless too, since facebook's business is to spy on their
> 	users. You may be able to log into facebook using your real
> 	name and a proxied address but what does that accomplish,
> 	exactly?

I agree that Facebook's real-name policy renders this rather pointless.
If you're a Chinese dissident, how does it help to circumvent GFW and
hide your location when you reveal your real name? I used to have a
Facebook account, but it disappeared when I couldn't provide a working
number for text verification :(
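
An added example, not part of the original message: one way to test a proxy for the X-Forwarded-For problem raised in the thread is to inspect the request as a server you control receives it and check whether any forwarding header carries your real address. The header list, function names, and sample request below are assumptions constructed for illustration, and the check covers header leaks only.

```python
import ipaddress
import re

# Headers a forwarding proxy commonly adds that can carry the client address.
LEAK_HEADERS = ("x-forwarded-for", "forwarded", "via", "x-real-ip", "client-ip")

def parse_headers(raw_request: str) -> dict:
    """Return {lowercased header name: [values]} from a raw HTTP/1.1 request."""
    headers = {}
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def addresses_in(value: str) -> set:
    """Extract every valid IPv4/IPv6 literal found in a header value."""
    found = set()
    for token in re.split(r'[\s,;="\[\]]+', value):
        for candidate in (token, token.rsplit(":", 1)[0]):  # as-is, then minus :port
            try:
                found.add(ipaddress.ip_address(candidate))
                break
            except ValueError:
                continue
    return found

def check_request(raw_request: str, real_ip: str) -> dict:
    """Classify what the destination server could learn from the headers."""
    real = ipaddress.ip_address(real_ip)
    headers = parse_headers(raw_request)
    present = {h: headers[h] for h in LEAK_HEADERS if h in headers}
    leaking = sorted(h for h, vals in present.items()
                     if any(real in addresses_in(v) for v in vals))
    verdict = ("leaks-real-ip" if leaking
               else "reveals-proxy-use" if present else "no-forwarding-headers")
    return {"verdict": verdict, "leaking": leaking, "present": sorted(present)}

# Constructed sample: a request as the destination server might receive it.
SAMPLE = (
    "GET / HTTP/1.1\r\n"
    "Host: check.example\r\n"
    "Via: 1.1 proxy.example\r\n"
    "X-Forwarded-For: 203.0.113.7, 10.0.0.2\r\n"
    'Forwarded: for="[2001:db8::1]:4711";proto=http\r\n'
    "\r\n"
)
```

A "reveals-proxy-use" verdict means the real address was not found but the destination can still tell a proxy is in the path.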

