Reader

Secure Online Shopping

In an ever-growing world of eCommerce, there is an ever-growing threat of malicious people looking to stealing your information, and using your financial data for their means. Today I will be discussing about the many methods of keeping your data safe against these malicious people.

1. Avoid Emails: Although emails are a way for businesses to promote deals, and exclusive merchandise, phishers will use target your inbox, attempting to pose as a business. Therefore its best to avoid looking in your inbox, this will prevent one vector of having of having your financial information stolen.

2. Don't answer unknown calls: Companies normally don't call you, so you can be certain its a phishing attempt. Avoid calls and SMS text from unknown numbers at all costs.

3. Use websites with good encryption: A website that has a good content security policy is always recommended. HTTPS-Strict-Transport-Security, ensures that your browser connects through HTTPS only by default.

4. Install HTTPS Everywhere: HTTPS Everywhere is an extension for Chromium and Firefox. The extension forces encrypted connections with websites that are known to support it. I recommend using the default settings.

5. Use an Ad-Blocker: Ads can pose a problem by tracking your visits and some are malicious, by installing malware without having to interact with the advertisement at all. I recommend Ublock Origin, which is light on resources and is very effective.

6. Avoid phishing sites: Some sites attempt to look like a legitimate version of a website, look at the URL address, check to see if their is anything different compared to the real address. Also, don't click on advertised search results, these results are a prime vector for abuse.

7. Use Private Browsing Mode/Incognito Mode: When using private browsing mode, your cookies, history, and session won't be saved, this is an effective way at preventing access to your account, since your login sessions won't be saved.

8. Look over your shoulder frequently: Shoulder surfing is when a person looks over your shoulder to get information, counter this by looking over your shoulder at a frequent rate.

That's all for now, use these practices, and you will have a much safer shopping experience, thanks for reading!

A nota mental é a seguinte: eu tenho um conto e preciso terminá-lo. É sobre as “coisas da vida”, mas um verdadeiro escritor não tem a necessidade de explicar as coisas que escreve, certo? As histórias apenas saem da cabeça, formam palavras, organizam-se em parágrafos, ideias, blocos de capítulos até se tornarem um monumento completo. Mas posso dizer que sempre quis escrever um texto cujo personagem principal se chamasse Tomas. A vida é difícil para ele. Principalmente quando se trata do coração. Vive na bolha virtual criada por ele próprio — e quando essa bolha estoura, fica perdido. Ele vai em um encontro e descobre o último amor.

It's imperative that we protect credentials with great care, such as properly hashing the low entropy secrets with algorithms like Argon2 or Scrypt.

Multiple factors of authentication is important to protecting accounts. Such as having knowledge of a secret and in possession of something.

Despite properly implementing cryptography and management of credentials, there are still issues such as malicious third-parties attempting to gain access to accounts. And it's hard stopping that all together.

Just use CAPTCHAs! Hold your thought on that.

Usually it's still possible to attack a lot of services by trying well known “secrets” against a bunch of accounts. Some services attempt to prevent this with CAPTCHAs(official site).

One thing I've noticed is that CAPTCHAs are either accessible or sufficiently resistant to automated actions. Often it's not both. Sometimes it's neither! Even though I don't have any disabilities, I still have a hard time completing them.

Google's reCAPTCHA a lot of the time doesn't like Tor network activity often rejecting valid CAPTCHA answers due to “possible automated queries”. Usually the solution I found is to switch up the exit node. It's an issue with popular proxies and VPNs, not just Tor users. More information here.

Unfortunately I don't know of any decent free open-source privacy respecting alternatives to Google's CAPTCHAs.

So CAPTCHAs may not be the best choice.

My solution.

The foreign account.

For each set of credentials that is stored, there is also a unique foreign account associated with it, this could be a email, XMPP or phone number that the authentic individual is in possession of.

The data.

There has to be some sort of data sent to the foreign account to prove they have access to it. The data MUST be ephemeral and random. This could be a software token attached to a link where a few authentication attempts are permitted. Or a secret(e.g: 8 digit code) that can easily be typed in.

To securely store the data, and verify the foreign account access data, it must be hashed properly. Generally the secret is low entropy, so we should store it with Argon2 or Scrypt.

However if the data comes from a CSPRNG output with >= 128 bits of entropy, we use an easy to compute hashing function. Take the BLAKE2 hashing algorithm for example.

For defense in depth or as an alternative strategy: Use asymmetric cryptography to ensure only the authentic individual may access the data. This could be sent to the associated foreign account or given right away.

Example secret(easy to type in):

8 1 7 1 5 9 4 6

Example link(far less guessable):

https://application.network/authenticate/d96c7bf0c9faf4c2c80a2d7e087aa258

The locking mechanism.

Now that there are two very important pieces to the puzzle gathered, that being the foreign account and the data. We have one final piece to gather.

What are we going to do with those two pieces? They can be used as a form of two-factor authentication.

By definition “locking” means to apply that 2FA. Of course we could constantly apply it(preventing nearly all malicious authentication attempts), however ... we can try to make educated guesses to only apply the 2FA when it's possible there is an attack on the account.

Which means it's possible to make the accounts a lot more secure while retaining usability.

What do we lock, when and for how long?

We can lock an IP that attempted to authenticate and failed a certain number of times within a certain time period. If we lock an IP, it's global. Meaning that IP is not allowed to attempt to authenticate on any accounts without verifying foreign account access. This goes for whitelisted IPs as well.

There is one other way to handle IPs. Each account could have whitelisted IPs that avoid the lock(only if the whitelisted IPs aren't locked), while any unrecognized IPs are automatically required to go through lock, even if the IPs themselves aren't locked. This could provide some better security while still retaining some usability.

Another method is locking by account. If a certain number of authentication attempts fail within a certain time period, it'll be locked. Meaning no IPs may attempt to authenticate on this account. That includes whitelisted IPs.

The only effective way of defending against attacks is to use both methods. Locking by IP and account, preferably with the same allowed authentication fail attempts before locking.

We can't completely rely on the first method because most experienced attackers know that they can just switch up their IP with a proxy.

We also can't completely rely on the second method because one IP could just attack all of the accounts. Instead we use both methods to prevent both issues.

However it's better to only have the second method than to only have the first. And it's best to have both.

1. If an account is allowed 3 failed attempts within 24 hours, and an IP is allowed 6 failed attempts within 24 hours ... they can use one IP to attack two accounts.

2. If an account is allowed 6 invalid authentication attempts within 24 hours, and an IP is allowed 3 failed attempts within 24 hours, we can use two IPs to attack one account. This can be worse than 1) because more attempts are available to each account.

For how long the account or IP is locked could fixed, incremental(depending on how many times it was previously locked), or randomized.

There are a few other things to take into consideration. You could make accurate educated guesses by determining how many requests there are to authenticate with which IP, and which account. Monitor and automatically lock all accounts for a certain period of time if you're 99% sure there is a possible attack on a bunch of accounts and warn the users that there is probably an attack that was prevented.

It's one area I'm still exploring, how to accurately determine whether there are attacks ongoing. (Although from my understanding it's extremely hard, it would require a lot of math, possibly even an AI.)

This was my alternative for authentication forms. This isn't meant to replace CAPTCHAs, it's meant to avoid them as much as possible and provide a more secure and accessible solution when authenticating.

The most secure solution is to always apply the 2FA, use asymmetric cryptography and a high entropy piece of data, such as the software token attached to a link. But this is too inconvenient for average users.

Take note that if you're not already logged into your email assuming that's what you use for the foreign account, then the email service could require CAPTCHAs during the sign in process.

If you have any questions or you'd like to discuss anything, contact me via email, Mastodon, the forum, DEV.to or XMPP.

Apple Is Not Your Friend

Recently, Apple has been putting out many commercials with the slogan “privacy, that's iPhone”. While Apple can say they're for privacy, you really can't trust that they really are. You also can't rely that Apple cares about your freedom. I'm here to explain why.

First off MacOS and iOS are both proprietary/closed-source systems. Apple doesn't want you to view the source code of their software. This affects privacy, because if you can't view the source code, then you can't determine what Apple is really doing behind the scenes is good or bad. Another reason is, you are already making connections to services such as iCloud, and since these services are proprietary, you can't trust Apple to handle your data.

Apple also doesn't respect your freedom, Apple has does this by embracing DRM. DRM stands for Digital Rights Management, DRM restricts your ability to use your product, how you like, wherever, whenever. Apple forces people to use their store on iOS for security reasons. Except, this isn't security, this is really control. Apple has put themselves as the gatekeeper of your system, they want you to use it how they want you to use it. Apple also solders their ram in the latest MacBooks, this is not okay. The consumer has the right to make a decision regarding their product. It isn't Apple's choice of how I upgrade my system.

If Apple wants to be respected, here is what they need to do.

1. Let the user upgrade their hardware from other vendors without penalty

2. Let the user review the source code

3. Let the user install from other software sources on iOS

4. Stop using DRM through iTunes

5. Give better freedom towards experimenting with their system

Sources: https://gizmodo.com/apples-war-on-upgrades-continues-with-the-new-touch-bar-1789002979, https://www.defectivebydesign.org/apple

People sometimes claim that they have control over their content after they have published it, this provides a false sense of privacy. The only way to ensure that something isn't redistributed is by not publishing it. With the recent rise in popularity in federated software, it's even more important to make sure that users understand that deleting content is only done as a best effort attempt. Mastodon (and most other software in the fediverse) seems to give users the impression that they're able to delete their posts from the entire fediverse, what actually happens is a request is sent to other instances in the fediverse asking them to delete it from their servers, they're not forced to.

Something else people oftentimes claim is that you can keep content private by asking crawlers to not touch certain pages through the robots.txt standard. This is oftentimes portrayed as “banning” crawlers from your site, this couldn't be further from the truth. It's essentially politely requesting that the crawler not go to those pages.

What I hear when people say they want to be able to control their publicly published content is that they want what would essentially be DRM for social media, which would be ineffective, just like any form of DRM.

By posting something publicly, you need to acknowledge that there's a chance it may be crawled, archived, or indexed. Not acknowledging this will lead to you being disappointed when you find out that you can't delete your content off of the internet completely. If you don't want your content to be redistributed, you should think twice about publishing it. Anyone claiming that there's a good way to control the distribution of content after it has been published is misinformed.

In order to improve people's privacy, we need to focus on educating them about the importance of being cautious about what you post publicly online.

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

When I explained the myths surrounding Tor in my last post, I realized that in addition to outright myths about the protocol, inaccurate suggestions about how to use Tor properly are everywhere. This often includes worrying advice on connecting to Tor via VPN services, proxies, or other anonymity systems. So in this part of the “Slicing onions” series, I will attempt to clarify why you should not combine Tor with such networks and techniques and highlight the negative consequences if you do.

How This Technology Works

To help illustrate why combining Tor with other services is sub-optimal, here’s a recap of how Tor, VPNs and proxies work. Those who read the first blog in the series or are familiar with the protocols may skip this.

Tor Tor works by sending your traffic though a network of voluntarily run nodes (also called “servers” and “relays”) that bounce your traffic around three random nodes spread across the planet before reaching its final destination, a website for example. See below for a simple visualization:

To protect your traffic, Tor will encrypt your packets three times. Each node only has the key to remove its own layer. Once a node removes its encryption layer, it will be able to see which node the packets should go to next, and this continues until your traffic is decrypted at the last node, which forwards it to its final destination. The exact reverse process happens for return traffic, as shown in the graphic below:

So what do we learn from this? Well we learn that Tor allows us to connect to a website without any single party knowing the entire path. The first node knows who you are, but not where you are going; the second node doesn’t know who you are OR where you are going; and the last node knows where you are going, but not who you are. Because the last node makes the connection, the destination website will never know who you are (the IP address of the originating device).

Proxies A proxy is a server that acts as an intermediary for requests from your device to other devices or services (websites etc.). An anonymous proxy will not forward your email address to the destination site, so it can protect your privacy. It will always be possible for the proxy owner to know both where you connect from (your IP) and what you connect to (the destination website/server). Proxies do not necessarily protect your traffic with SSL/TLS encryption so unless you connect to the destination via HTTPS they can see your content too.

This shows a simple proxy server without encryption:

VPN Services Strictly a VPN (Virtual Private Network) is the extension of a private network across a public one. The best example of this is connecting to a corporate network over the internet to access applications and files at your workplace. VPNs are encrypted to protect the content in the private network from being accessible outside of the VPN.

VPN services that we may use as consumers are a little different. These are really just groups of encrypted proxies that we can pick from instead of connecting directly to destination sites. This hides your IP from the destination site as described above, and the encryption hides your content and destination from your local network and ISP (anything between your device and your VPN provider’s server).

VPNs suffer from the same weakness as proxy servers, in that the VPN provider will always know your IP and destination and HTTPS is still required to hide your content from them.

Here is a VPN server in action, note the connection from you to the VPN server is encrypted, but not the connection from there to the destination:

The Issue With Centralized Trust

Now that we understand how these technologies work I will explain why the last two are problematic in the context of anonymity. With VPNs and proxies, the entire path is known to the provider of the service. Therefore, your anonymity is only as strong as the providers promise.

Imagine letting someone you don’t know put a gun against your head and being fine with it, because for $5 a month they will promise not to pull the trigger. That would be crazy now wouldn’t it? What if someone else offers them $500 to break their promise? $5000? $5000000?

With Tor, the entire path will never be known, and the user will be safe; trust is distributed across all the nodes you use. It’s like giving one person the gun, another the bullet, letting the third hold a rubber chicken to your head, and not paying any of them any money!

Another benefit of Tor is that with more then 6000+ nodes spread across the globe, watching all traffic going in, and all traffic going out, is much harder and more expensive than watching the servers of a VPN provider (most have tens or low hundreds). If your threat model includes capable adversaries working to de-anonymize you, Tor will make that much less likely.

Why 3 is better than 1

Now that you understand the issue you should start to see why a VPN is not an option for anonymity. It can make tracking harder, but you still have to trust one single party. With Tor, you don’t need to trust any single party. So lets spell out the pros and cons:

1. Tor Pros: Hides your IP address; encrypts traffic, preventing local network or ISP snooping; and when using Tor browser, intelligently separates streams to avoid traffic correlation; free to use, which is a double benefit as it leaves no financial trail; easy to use with a simply app on Android or any desktop OS; most censorship can be evaded using bridges; fast enough to watch 720p and sometimes 1080p videos (nowadays!). Cons: Speed is often slower than a single hop VPN as depends upon all 3 nodes in your current circuit and is probably not going to play 4k video; some services block Tor nodes in a misguided attempt to deny access to bad actors, refreshing your circuit may find an unblocked node; exit nodes could snoop http traffic; torrenting will be slow and is strongly discouraged as it hurts Tor and breaks anonymity; no udp support (Signal requires this for VoIP calls).

2. VPN services Pros: Generally fast and low latency; most are easy to use with apps for any OS; hides your IP address and encrypts traffic to the VPN server, preventing local network or ISP snooping; usually fast enough to watch high res 4k videos; torrents will work; UDP is possible. Cons: Absolute trust placed in a single point of failure. Your VPN provider can see who you are and where you are going, and when not using HTTPS, the content of your traffic; leaves a money trail unless paid for with cash or cryptocurrency; provider sees your real IP address and could be pressured in cooperation by the local government to hand over data; VPN server can be hacked to retrieve all data; anonymity depends on policies and the security of a single server.

Why 2 is not better than 1

The worst piece of advice I commonly see is to use both Tor and a VPN. Tor is not intended to be run with VPN or in combination with other services. I absolutely do not recommend you to ever run Tor with a VPN. By doing so you essentially create either a permanent entry or exit node, which often also has a money trail. You also create more attack surface for near zero theoretical benefit. The two commonly proposed configurations are:

Tor over VPN. Here a user will first connect to the VPN server, and then connect to Tor. The most common rationale behind this setup is to hide Tor usage from an ISP or circumvent censorship of the Tor network. This is unnecessary as you can hide Tor usage and circumvent censorship by using bridges. You can either use the bridges that are included in Tor Browser for this, or request other bridges from in any of the ways described here. A bonus of bridges is that they don’t leave a money trail, which VPNs often do. The last blog explained that even if you were to end up on a watch list, it would be a uselessly large list as Tor has more then 2 million daily users. It strikes me as very naive to imagine that someone powerful enough to trace you over the Tor network will be stopped by a $5 a month VPN service.

VPN over Tor. Here a user will first establish a connection to the Tor network before connecting to the VPN service. The purpose of this is to reach services that are blocking Tor nodes. This setup may succeed in making access to such services easier, but it is terrible for anonymity for two reasons: VPN providers often know you from the money trail; and Tor splits all data streams across different circuits to prevent correlation of traffic as a means to de-anonymize users, but all of your traffic will come from the VPN provider’s IP, making correlation a LOT easier.

Conclusion

As you can see, in the vast majority cases where a VPN could be used, Tor would easily suffice. Not only is it free to use, it actually allows you to browse anonymously. This is impossible with a VPN service by design. A VPN is privacy by policy, Tor is privacy by design. This isn’t to say VPNs are completely useless; they do protect your IP address from the websites you visit; protect you from local network adversaries; and they also allow you to watch 4k footage.

Generally, you should be using Tor if anonymity and privacy are your goals, or indeed if you just want to help improve the availability of anonymity to others who need it and make mass surveillance harder. There is more to consider though: your IP address is just one of the many ways you can be tracked. Another threat comes in the form of browser fingerprinting, which is the topic of my next blog post: [Slicing onions: part 3 – Don't leave your fingerprint!]()

If you have feedback on this article, or would like to debate the topic with me, then you can reach me in any of the ways listed on my About page

If you run servers for public services, like I do with privacytools.io, you definitely want to monitor them for any successful logins to user accounts (via SSH, et cetera). The way I plan to accomplish this is to setup an automatic notification to the Pushover app on my phone in the event of any login. I'm going to implement this as part of PAM authentication, and configure it to fail any logins if the notification script fails for whatever reason.

If you want to implement this on your own server, I'll assume you already have a Pushover account and device setup, and an API key.

Create login-notify.sh, where we will store the actual script. I put it in /etc/ssh/ for example but you could put it anywhere:

#!/bin/bash

# Change these variables
API_TOKEN=abcdefg1234hijklmno567890pqrstuv
API_USER=vutsrqp098765onmlkjih4321gfedcba

if [ "$PAM_TYPE" != "close_session" ]; then
  TITLE="SSH: ${PAM_USER}@$(hostname -f) (${PAM_RHOST})"
  TEXT="$(date)"

  curl -s \
  -F "token=$API_TOKEN" \
  -F "user=$API_USER" \
  -F "title=$TITLE" \
  -F "message=$TEXT" \
  -F "priority=0" \
  https://api.pushover.net/1/messages.json >/dev/null 2>&1
fi

Just change API_TOKEN and API_USER to your own account's values. You can also change priority=0 to another value if you'd prefer more or less intrusive notifications.

Make your script executable:

chmod +x login-notify.sh

And add the following line to the end of /etc/pam.d/sshd:

session optional pam_exec.so seteuid /path/to/login-notify.sh

We made this optional mainly for testing purposes. You can leave it as it is, or change it to required after you've made sure it works to prevent logins entirely unless the script runs, if that is what you want.

Try logging in to SSH and it should send you a notification!

In theory, this method can also be applied to essentially any /etc/pam.d/ module. For example, you could add that last line to /etc/pam.d/login for notifications on TTY logins.

Thanks to this answer from Fritz on Ask Ubuntu and this post on Nology for guidance with the script.

Discuss this post on the Privacy Forum

#sysadmin

Family Privacy: Part 2

In our last discussion, I discussed about using Firefox to protect your privacy. Now, I will be talking about GNU/Linux, and how to you can get started.

What is GNU/Linux?, GNU, was started by Richard Stallman, and is run by the Free Software Foundation. Linux is a kernel, created by Linus Torvalds. The Linux kernel helped fill in the gap, that the Free Software Foundation had yet to fulfill. That is why any system using GNU software, and the Linux kernel, is called GNU/Linux. Many People just call it Linux, but this isn't technically correct, as Linux is just the kernel.

You may be asking. Why should I use GNU/Linux over Windows? Here are my reasons on why you should make the switch.

1. Windows does not respect your freedom:

When you use Windows, you are using an operating system that is controlled by a software giant. Microsoft has many examples of not respecting the freedom of its users. Like when Microsoft employed DRM in Windows Vista, that controls what people can do with their media.

1. Windows is closed source:

Windows is a proprietary operating system. Microsoft does not want you to know what Windows is doing behind the scenes. Because of that, you cannot trust what Windows is doing.

1. Windows invades your privacy:

With the release of Windows 10, Microsoft has added many privacy invading functions in the operating system. There is location tracking, native advertising, and more. With Windows 10, you have become a prime target for tracking.

Here is a list of the benefits of GNU/Linux.

1. Your freedom is respected:

With GNU/Linux, its your system. You can do whatever you wish with it.

1. GNU/Linux respects your privacy:

You shouldn't have to worry about user tracking. With GNU/Linux you are free from tracking.

1. Open-Source:

GNU/Linux is open-source, so you can look and see what is happening with your operating system.

Now on to getting started. My recommended distribution is Linux Mint. Mint provides a familiar desktop, for people who use Windows. Mint comes with support for multi-media out of the box. Mint is based on Ubuntu Long Term Support Release, so you get a stable experience with Mint. To get started download a ISO file from https://linuxmint.com. Next, write that image to a disk, or USB drive. I recommend balena etcher for writing to a USB drive. Then, boot into the live environment. Select what how you want to install Mint. If your family member won't be missing Windows, then select erase disk and install Mint. If your family member still needs Windows for some applications, then select install Mint alongside Windows. Follow the instructions in the install prompt. After that, you should be ready to go.

Note: For laptops, make sure you check “install third-party components”. The third-party components contain software and firmware, that allow your laptop to connect to Wi-Fi, and more.

Thanks for reading, I hope this was informative for you. Stick around for part 3!

Resources: https://fsf.org/, https://linuxmint.com/, https://www.fsf.org/windows/upgrade-from-windows#abuses, https://www.balena.io/etcher/, https://fossbytes.com/install-linux-mint-19-tara-guide/, https://www.fsf.org/about/what-is-free-software

The Tor network is an anonymity system designed to protect the privacy and anonymity of its users. Unlike a VPN service, Tor is both free to use and decentralized. Sadly, there is plenty of misinformation around about Tor. This post aims to clearly explain Tor and to debunk various myths surrounding it.

How does Tor work?

The Path Tor works by sending your traffic over a network of thousands of voluntarily run nodes (sometimes referred to as relays). Each node is a server that is run by volunteers to help you improve your privacy and anonymity. Every time you connect to Tor, it will choose three nodes to build a path to the internet; this is called a circuit. Each of these nodes has its own function:

• The Entry Node: often called the guard node, this is the first node your computer connects to. The entry node sees your IP address, but does not see what you are connecting to. Unlike the other nodes, the Tor client will randomly select an entry node, and stick with it for 2 to 3 months. I’ll expand on the reasons for this in a future blog.

• The Middle Node: the second node to which your Tor client connects. This node can see which node traffic came from (the entry node) and which it goes to next. It does not, however, see your IP address, or the domain you are connecting to. This node is randomly picked from all Tor nodes for each circuit.

• The Exit Node: is where your traffic leaves the Tor network and is forwarded to the destination domain. The exit node does not know your IP (who you are) but it knows what you are connecting to. The exit node will, like the middle node, be chosen at random from the Tor nodes(if it runs with an exit flag).

A quick visualization:

The Encryption Tor will encrypt each packet three times, with each key in turn from the exit, middle and entry node in that order. Once Tor has built a circuit, browsing is done as follows:

1. When the packet arrives at the entry node the first layer of encryption is removed. In this encrypted packet it will find another encrypted packet with the middle node’s address. The entry node will then forward that to the middle node.

2. When the middle node receives the packet from the entry node, it too will remove a layer of encryption with its key, and find an encrypted packet with the exit nodes address. The middle node will then forward the packet to exit node.

3. When the exit node receives its packet, it will remove the last layer of encryption with its key, and find the destination address that the user wanted to connect to, and forward the packet to that address.

Here is an alternative visualization of the process. Note how each node removes its own layer of encryption, and when the destination website returns data, the same process happens entirely in reverse. For example, the exit node does not know who you are, but it DOES know which node it came from, so it adds his own layer of encryption, and sends it back.

So what do we learn from this? Well we learn that Tor allows us to connect to a website without any single party knowing the entire path. The entry node knows who you are, but not where you are going; the middle node doesn’t know who you are OR where you are going; and the exit node knows where you are going, but not who you are. Because the exit node makes the connection, the destination website will never know who you are (the IP address of the originating device).

Myths and facts.

Although Tor is one of the best ways out there to protect your privacy and security these days, it sadly suffers from a bad reputation. This is the result of a number of myths which we’ll now attempt to debunk:

1. But Tor was created by the US government, it must have a backdoor! Tor was not written by the government. Tor was written by Roger Dingledine, later on joined by Nick Matthewson, with the funding from the Naval research lab through Paul Syverson. The claim that that it must therefore contain a backdoor does not hold up for the following reasons: First of all, the US government uses Tor to hide its own activities online; if it had a backdoor, it would not be safe for them to use. One could argue that they could make their own anonymity systems, but this wouldn’t be effective. If the government would build their own system, and only let themselves use it, then ALL traffic is known to be automatically CIA/NSA/FBI traffic, making it pointless to use in the first place. One must not forget that you cannot be anonymous alone, you need similarly anonymous peers to form a crowd for you to blend into. The more people you throw into the mix, the harder any individual is to find.

2. Tor will get me on a watch list! The claim that using Tor gets you on a watch list in a western society makes no sense at all. Not because it won't ever happen, but because it would be useless in the case they did it. Analysis shows that the Tor network gets as many as 2 million users a day. That’s a huge list, big enough that targeted surveillance is no longer possible, and governments would have to rely on mass surveillance. Hey, mass surveillance, wasn’t that already happening somewhere? Oh yeah, it's called the internet! The only place where using Tor could be dangerous is in nations with an oppressive government, but in that case a VPN is just as likely to arouse suspicion and get you on “the list”. Also with Tor, one can try to avoid detection by using bridge relays, which are entry nodes that are not publicly listed. Finally, it is worth considering what use of Tor protects you from, and whether that is more important than what the theoretical list would expose you to. It’s a little like thinking that using HTTPS will get you on a list, so you will no longer use HTTPS to protect yourself.

3. But exit nodes can do spooky stuff with my traffic! This one is partially true, although your traffic is encrypted while entering and traveling through the Tor network, the connection between the website and your exit node is not. If I were to login into a webpage using HTTP, an exit node could intercept my password. And while this was a big issue in the past, the massive adoption of HTTPS, which went from 67% of all websites in 2017 to 77% in 2018 , has made most manipulation done by the exit node impossible, as the exit node will only see an encrypted HTTPS packet that it has to forward, so even it does not know what the packet contains.

4. But the government can set up a lot of nodes to de-anonymize people! While Tor is indeed not a silver bullet, setting up a lot of nodes is a very unlikely attack, that can either be fairly trivially detected, or become VERY expensive, depending on how it is done. First of all to really DE-anonymize someone this way, you need to at least have the entry node and exit node of a Tor user. Remember when I explained above that entry nodes are chosen once, and are kept for 2/3 months? This is exactly why: if the government wants to become your entry node it has N% chance to be picked by you out of 6000+ nodes. If I am lucky, and pick a non-government node, the government will have to keep all their nodes running (costing lots of money) for at least two months before they get another chance of becoming your entry. Also it takes At least 8 days, maximum of 68 days before it gets up to full speed, to become a Guard node, as you see, this is slow, expensive, and generally a very unattractive way of finding a Tor user. While yes, they COULD do it, it wouldn't make sense for them to do it as there are a lot of attacks out there that are a lot cheaper to execute and try out. In the Tor stinks slides that were leaked in the Snowden documents, it was stated that they could de-anonymize a very small fraction of people, but it can not be used to target specific people on demand. which makes this expensive attack, not worth it in a real life scenario.

5. But Tor is only used by criminals on this thing called the dark web, we should not support it! Firstly, while Tor can be used to reach websites anonymously on the “dark web”, the VAST majority of Tor traffic is used to reach normal websites. While some people are convinced Tor is enabling pedophiles and should be taken down, this is not a solution and will not help anything. If you take away Tor, all that would happen is that criminals will use another (illegal) medium to conduct their business, where an activist in Iran may be killed and tortured without the protection of Tor. Tor may be a two edged sword, but the side of the benefits to society cuts a whole lot sharper then the criminal side.

6. I heard attack XYZ can break Tor! As I said above, Tor is no silver bullet, there can be attacks out there that could be used to try and de-anonymize Tor users. But it is currently the best we have, and as Tor grows, with each user and each new node, attacks become harder and more expensive to execute. All we currently know is that in 2013, as part of the Snowden leaks, the NSA was not able to reliably trace Tor users.

7. But what about this drug market that got busted? It was hosted on Tor! It is true that there are certain individuals that abuse Tor to hide illegal websites, and many have been caught doing it. However, in each and every one public case of a take down, Tor was not the cause. One has to understand that even if your connection is anonymous, other things might be not. Tor is not magic security dust, it will not make your server “unhackable”. Software bugs are still a thing, government infiltration is still a thing, and simply user error is still a thing. These tactics are WAY cheaper, and also often a lot easier, to execute then any attacks directed at Tor itself.

8. But Tor is funded by the US government! This one is partially true. While most current funding of the Tor project comes from the US government, people first have to realize that again, the government uses Tor themselves, so it makes sense for them to fund its development. Secondly, the US government is enormous, and it makes perfect sense that one part of the government is trying to improve it, while the other part wants to break it. Furthermore it's worth mentioning that the Tor project is actively trying to diversify their funding sources, with success. In 2015 85% of Tor's funding came from the US government, it went down to 76% in 2016, and even 51% in 2017. Do you want to help out diversifying Tor's funding even further? You can do so by heading to their webpage, by donating you will help their important work. It is also worth mentioning that all Tor code is completely FOSS, all discussions and meetings, all research, everything the Tor project does is transparent and available for anyone online to crawl through and investigate; meaning that if the Tor project were to do something sketchy, people can see it.

So you are saying Tor is unbreakable?

No, Tor is, like I mentioned above, not a silver bullet. While it is currently the best option we have, there are certain attacks that could be used against Tor (like traffic confirmation attacks) to try and de-anonymize its users. For this however, other technical measures can be taken to protect yourself further. What Tor is though, is a way to make mass surveillance so expensive, so hard, that governments will now have to scale down, and focus their resources on specific targets, essentially dumping mass surveillance. And that is the power of Tor.

Where to next?

Now that we got most Tor myths out of the way, we can move on to the next post in the Slicing onions series. Here I will explain how Tor relates to VPNs, what their use cases are, and when you should use one above the other: Slicing onions: part 2 – Onion recipes; VPN not required

About the author Other articles by this author

Pointing Your Family In A Private Direction

Many of our family members use online services such as Facebook, Twitter, and Instagram. Today I'm going to give a brief rundown about taking your family in a better direction. I'm going to start with web browsing. In a second part, I will discuss about private messengers. So lets get right down to it.

Web Browser: A web browser, is an application that displays content on the world wide web. Many browsers have come and gone, but the popular ones active today are, Firefox, Google Chrome, Internet Explorer, Opera, Safari, and Microsoft Edge.

Many people in your family may use Google Chrome as their primary browser. However, many people are unaware that Google Chrome employs tracking to know more about you such as, your location, what you've recently visited, and your favorite things. Talk to your family about these concerns, and talk to them about trying out Firefox. Firefox is a web browser from Mozilla, an organization that has many people who strive for an open, and private web. Firefox supports a wide range of add-ons that can be used to help protect their privacy. Facebook container can restrict Facebook from tracking you around the web. Ublock Origin, can help block trackers and ads while you browse. Firefox also offers their own tracking protection in the browser. Firefox offers sync, to allow your family member to use their profile across their devices.

There are many more add-ons out there, visit addons.mozilla.org to get started. You can also visit support.mozilla.org, and walk your family member through the basics.

Stick around for part two!