[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Escape NSA just to enter commercial surveillance?



> Yes it does, unless the proxy server 'shares' information with facebook.

By using a proxy, you're placing trust in the proxy operator, both to have
configured things appropriately (I've seen some advertised as anonymous
where X-Forwarded-For has been left enabled, deliberately or otherwise) and
not to be actively malicious (i.e MiTM), or a honeypot run by another
entity you don't trust.

With the HS, you're trusting Tor. Advance as many theories about the US
Govts involvement as you like, but you're unlikely to convince me they'd
sacrifice the outwardly displayed principles to help Facebook.

> whereas tor is magically protected from compromise.

No, but in Facebook's case you'd need to compromise the HS's private key
and obtain a publicly trusted TLS cert issued for that HS.

Not impossible, but certainly challenging.

Theoretically, someone could try and attack the dirauths or another part if
the infrastructure you hit before Facebook, but would it be worth risking
detection for Facebook?

In both setups, there's the risk FB themselves could try and implement
something to identify the user's location of course, but that's a different
kettle of fish.
On 15 Jan 2016 19:20, "juan" <juan.g71@xxxxxxxxx> wrote:

> On Thu, 14 Jan 2016 23:08:14 +0100
> creo <creo-tor-lists@xxxxxxxxxxxx> wrote:
>
> > Am 2016-01-14 18:52, schrieb juan:
> >
> > > Philipp Winter <phw@xxxxxxxxx> wrote:
> > >
> > >> Logging in to Facebook over Tor reveals your identity,
> > >> but not your location.
> > >
> > > any garden variety proxy achieves the same result.
> >
> > No, it does not.
>
>         Yes it does, unless the proxy server 'shares' information with
>         facebook.
>
>
> >
> > You may be able to force the proxy operator to hand over your real
> > IP address since they also have to comply to law and regulation
> > based on the country they are operated in.
>
>         facebook doesn't have yet an army or global 'jurisdiction'...
>
>         now if you're talking about the criminals known as the 'US
>         government'(who fund tor) that's of course a different story.
> >
>
> > Also, a proxy may be compromised.
>
>
>         whereas tor is magically protected from compromise.
>
>
> > Due to onion routing, suing a relay operator won't get you such
> > information. Guard nodes know who is talking to them, but not where
> > they're going. Exit nodes know the destination of the communication,
> > but not who's the originator, and middle nodes are blessed with
> > ignorance on both ends.
>
>
>         I know all that. My point is that so onion routing isn't really
>         needed if all you want it to hide your location from facebook
>         or even from anybody else who can't threat to murder proxy
>         operators like the US government(who fund tor) does.
>
>
>
> > It's dangerous to hint people to use proxies
> > in order to get their locations hidden - their traces are just moved
> > to another system, they're not gone.
>
>         Ah yes. They are not magical like tor.
>
>
>         And of course it is not dangerous to promote tor, a system
>         creted and controlled by the US military.
>
>
> >
> >
> > - Daniel
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk