Cevilia (they/she/…)When people recommend Brave browser.
xiiiI’m surprised to read the whole thread and nobody mentioned that TorBrowser is the goat for daily anonymous browsing.
A_Random_IdiotI thought people gave up on Tor years ago when it was revealed that it wasnt as anonymous as people expected due to the number of entry and exit nodes controlled by governments and spy agencies.
The NSA wasn’t able to break Tor fundamentally, even with spanning numerous exit nodes to intercept traffic, and high-scale traffic correlation between enter and exit nodes
“We will never be able to de-anonymize all Tor users all the time.” It continues: “With manual analysis we can de-anonymize a very small fraction of Tor users,” and says the agency has had “no success de-anonymizing a user in response” to a specific request.
NSA and GCHQ target Tor network that protects anonymity of web users
• Top-secret documents detail repeated efforts to crack Tor• Tool is funded by US government and relied on by dissidents and activists• Agencies have failed to break core security of network but have limited success in attacking users' computers
Do we trust a 12 year old article sourced from the government to be honest about current/past capabilities? Genuinely asking.
In this case I would. Its from the Snowden leaks and from the government for the government, never intended for our public eyes.
Also if you don’t fully trust tor, just add another layer (e.g. VPN). If the government dissuades you from secure open infrastructure and gets you to use closed ones, they have won because companies can always be forced to comply. Algorithms on the other hand, can’t.
who and what is your threat model? as @[email protected] pointed out this article was probably rather accurate.
if you just want to browse anonymously - it is likely, that even the biggest tech corpos can’t de-anonymise you.
if you do small time crime, like buying and selling contraband - likely law enforcement would try to catch you in the real world. you have more vertices and vulnerabilities there, different enforcement agencies are experienced exploiting these.
if you paint a big ass target on your back and get the interest of the CIA or similar - you are probably fucked one way or the other. they may have the ability to de-anonymise you. but if you listen to people that did get caught or do the catching (e.g: darknet diaries), most of the times it is a small mistake. if you only ever play defence, that is enough to loose the game. but what are your options if your adversary is a national agency?
This question is unironically very deep. As it’s privacy we’re talking, you decide what to trust on your own.
My understanding is that Tor provides anonymity for my threat model (ad-tech corporations).
But trust need to be placed somewhere. Do we trust Mozilla? All their emploees? Do we trust OSS? Does anybody actually review open-source code? What about supply chain attacks?
I am, a nobody, was personally invited to a Contagious Interview (a person, pretending to be a client for consulting was trying to place a rootkit on my machine via GitHub repo).
What about AI-assistet coding that actively tries to eliminate security gates?
M1k3yThat you’re even suggesting this tells me that you don’t use tor regularly. Many clearnet sites dont want to be accessed through tor and will just block you. If you encounter any recaptchas thats basically a dead end. The time from opening the browser to having a fully loaded site is minutes.
If you don’t plan on doing serious crimes and your not an opposition leader in a totalitarian state, tor is not a good default browser.
I missed that part
The time from opening the browser to having a fully loaded site is minutes.
I think it depends on the region. To me, full browser restart with reconnect is maybe 10 seconds tops, usually less. I use Tor Browser as a default one on my phone, and it opens random links quite okay.
For me, the main issue is exit node blocking, then I need to restart the browser 1-2 times.
Tor is ridiculously slow for daily use.
You should never use TOR as a daily driver.
People often think that Tor is entirely anonymous but this is not true, you can be deanonymized. There has been cases before where law enforcement used patterns and traces left behind by Tor users to track down their real IP address, and thus their real identities. This has been mostly done to track down criminals, but the point is that it’s not only possible, but it has been done before.
It’s generally best practice to only use Tor sparingly in situations where you really need anonymity, and when you do use it, you should make sure to never use any information that could lead back to you in any way. Using Tor as a daily driver to browse the clearnet is malpractice. Not only do you risk being deanonymized due to your browsing habits, but you will also stick out like a sore thumb in traffic because while everybody else is driving a car to visit these sites, you would be driving a heavily armored tank.
If you plan to use it more leisurely anyway then at least stick to onion sites and communities that are designed for Tor’s anonymity. Though, I don’t recommend using Tor regularly unless you’re either a criminal doing some shady business, a whistleblower or a journalist dealing with sensitive information, an individual who wants to bypass heavy government censorship, or someone who’s being targeted by a state (and believe me, if 3 letter agencies want to track you down, then they will). I don’t think you’re any of these.
If you’re just someone who wants a strong, private browser for normal usage then download something Ironfox and pair it with a good no logs VPN service like Mullvad. That’ll be more than enough for the vast majority of people.