Remove the Tor Browser from the recommendations because it's a security catastrophe and puts people at risk #296

Closed
opened 2017-07-20 22:04:40 +00:00 by ghost · 61 comments
ghost commented 2017-07-20 22:04:40 +00:00 (Migrated from github.com)

And before you laugh at me, here are some leading experts in infosec, cryptography, ... advising against it because of its laughable security:

@dguido [emphasis mine]

> There’s a couple of issues. First off, the network itself can’t be trusted. It’s very easy for random people to set up what are called exit nodes. Those exit nodes are the routers in the Tor network that actually a lot of network traffic passes through.
>
> It’s an opportunity for somebody to sniff that traffic, to modify that traffic. In the past, there’s been many documented cases where this has happened. Almost every time you go looking, it’s easy for researchers to find what are called malicious exit nodes or basically a person that’s monitoring traffic through the Tor network and manipulating it.
>
> It’s span the gamut from state-sponsored attackers, like there’s been a Russia based APT group that was adding malware into people’s downloads. There have been individual hackers that have been sifting through data to find passwords that were going through it and unencrypted network communication.
>
> Even WikiLeaks, when it first started, the original document set that WikiLeaks put on the Internet were documents they collected by running a Tor exit node. The network itself, no matter how you access it, is hostile. You should assume that when you’re sending traffic in the Tor network, that there’s somebody that’s looking at it.
>
> That’s different because I can sit down and I can run a Tor exit node. I can offer to the Tor Foundation, like, “Hey, I have, you know, a box of co-lo and I’d be happy to let you pump like 10 megabits per second of traffic through it. Here’s what you need to hook me up. Go ahead and send some traffic.”
>
> I can do that and I can get access to tens of thousands of people’s network traffic that way. What I can’t do is I can’t call up Verizon and say, “Hey, can you route customer x, y, z’s Web browsing through my machine now?” I would have to break into Verizon to do that.
>
> You actually put yourself at more risk and a greater likelihood that you’re being surveilled by going through Tor than if you just stick on your regular home ISP. That’s the case for most people that are using Tor.
>
> **Then there is a problem of accessing the Tor network. The software that most people use to access the Tor network is the worst, most insecure set of browser components available.** ***I’m talking about the Tor browser bundle. It is an out-of-date version of Firefox that lacks proper exploit mitigation like sandboxing, that has a unique network signature that a network owner can detect.***
>
> **It makes you stick out like a sore thumb.** ***It’s also because it’s out-of-date and because it’s easy to exploit,*** **people do exploit it. If you’re browsing the Internet through the Tor browser, it is easier for people to write exploits that break into your computer when you use that,** ***as compared to using the latest version of Chrome or the latest version of Internet Explorer.***
>
> **Not only that, but it also creates a model culture. Everybody uses the same copy of the Tor browser bundle, means that I only need to write one exploit, instead of writing maybe 10 or more than that.** I know that all the sketchy people on the Internet are using the Tor browser bundle, so I just need one exploit to get them all.

https://georgianpartners.com/the-problem-with-the-tor-network-and-commercial-vpns/

> "Tor Browser is an abomination." All the audits in the world won't fix something that's broken by design. https://news.ycombinator.com/item?id=8468442

https://twitter.com/dguido/status/523238566294732800

> Read the Tor design doc and ctrl+f for “does not.” Many pushing for use cases that don’t make sense.

https://twitter.com/dguido/status/494571338821279744

> Tor levels the playing ground for bad actors. Anyone can intercept your traffic and no one uses a browser sandbox.

https://twitter.com/dguido/status/844196671747776514

> for a multitude of reasons, it is trivial for network administrators to separate Tor traffic from non-Tor traffic.

https://twitter.com/dguido/status/755102215795273728

> Final thoughts: the Tor Browser Bundle is unable to protect those that need it most. If you rely on it, strongly reconsider your choices.

https://twitter.com/dguido/status/803840526260797440

> Consider the difficulty of running a Tor exit node that injects this exploit into every HTTP session. ¯\_(ツ)_/¯

https://twitter.com/dguido/status/803845309373808640

@thegrugq

He has an article on the Tor Browser Bundle in his medium: https://medium.com/@thegrugq/tor-and-its-discontents-ef5164845908#.6gwjjg57l

> > [Tor Browser Bundle] collapses state-level targeting of browsers to a small set of Firefox versions; TBB is the most risky browser you can possibly run
> >
> > — Thomas Ptacek

@matthew_d_green

> Tor browser

https://twitter.com/matthew_d_green/status/830609724106276864

@tqbf

> An extremely commonly held position among experts: Tor Browser is the least safe common browser.
>
> It’s built on Firefox’s design, not Chrome’s, so it’s inferior at an architectural level. BUT, WORSE:
>
> Matthew Green @matthew_d_green Feb 11
>
> Not to mention a slow rewrite/update schedule. Chrome rewrites kill 0days more reliably than @citizenlab.
>
> @attractr @bartongellman @matthew_d_green Worse than Safari?
>
> Thomas H. Ptáček @tqbf Feb 13
>
> Yes, far worse.

https://twitter.com/tqbf/status/830511154950766595

"An extremely commonly held position among experts: Tor Browser is the least safe common browser." was even retweeted by @rootkovska

And even their defenses against exploits are utter complete fails,

@halvarflake's presentation on exploit mitigation,

Important take-away: "users may choose Tor Browser over better alternatives. Verdict: Near-zero or negative benefit"

AS Thomas H. Ptáček @tqbf SAID YOU'RE HURTING PEOPLE BY PUSHING THEM TO THE LEAST SECURE BROWSER IN THE MARKET.

NOTE: I'm NOT arguing against using Tor (although @dguido makes very well thought arguments about making own VPN with AWS or DigitalOcean is far better), I'm arguing against using the abomination that is the Tor Browser.

SOLUTION: Recommend Chrome with own made VPN (here's an easy guide that I recommend https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/ using Algo - which is better than Streisand - https://github.com/trailofbits/algo/)

ghost commented 2017-07-20 22:20:30 +00:00 (Migrated from github.com)

I'd recommend avoiding TPB completely for most uses, but that's just my opinion.

Tor is a high-value target that's sponsored mainly by the US government, and whoever controls 51% of the few nodes controls over 13% of all circuits.

But, like everything else, this depends on your threat model. Tor is perfect for some people.

ghost commented 2017-07-20 22:21:15 +00:00 (Migrated from github.com)

@C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N thoughts?

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-07-21 16:44:19 +00:00 (Migrated from github.com)

@Shifterovich
Wrote a comment addressing some things there here: https://github.com/nylira/prism-break/issues/1760#issuecomment-317050248

> Tor is a high-value target that's sponsored mainly by the US government,

AFAIR OTF is the one that gives the majority of the funding for Tor Browser development, unless you consider the OTF to be part of the US gov, and unless you include other projects that are/were sponsored by OTF such as Qubes OS, then that argument doesn't hold.

> and whoever controls 51% of the few nodes controls over 13% of all circuits.

How did you work out this calculation? It doesn't make sense.

dnguyen01 commented 2017-07-21 17:15:56 +00:00 (Migrated from github.com)

So a couple things ... I would do a long explanation but I feel like you are just another person trying to evoke some emotion and trolling on purpose, hence why you already deleted your account and not trying to engage in an actual conversation. Also, you are quoting a lot with no actual proof of anything. For a very technical user base, why do we resort to no proof?

@C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N has a good link with some of the debate there.

So first off. Why don't you just abandon the PrivacyToolIO project ... every project is gonna be insecure. Why even have this project at all? I can just go back to a life of giving up my privacy and security and not worry about a thing. Why is Windows so flawed and a security concern? Because lots of people use it, too much effort to move to another OS, etc. So where does Tor Browser stand then? It's because lots of people use it, too much effort to move another OS .. you get the point. And isn't this project about taking back some of their privacy and security? This is a starting point for people; taking back privacy comes in steps not full blown commitments. First the Tor browser on insecure OS, then a more secure OS running Tor browser, then maybe Tails.

Second thing. Tor Browser is run on Firefox 52 ESR. ESR meaning Extended Support Release, which focuses on security and bugs and less on features. If you actually did some research, why would you say or quote someone who knows nothing about browsers "It’s also because it’s out-of-date and because it’s easy to exploit, people do exploit it.". Exploits happen because of setup errors. JS, out of date OS and other software, etc.

Third thing. Understand the use of Tor. It is not meant for everyday use but more to provide temporary anonymity. Anyone who understands security or takes a course knows the purpose of security - textbook definition - security is to provide a degree of resistance to, or protection from, harm. The purpose of security is to deter targets that have neither time, effort, or money. Security isn't perfect nor is it absolute. Tor browser is exactly that, allowing users to protect their identity from targets that have neither time or effort or money to gather, exploit, and reveal their identity in that immediate instance.

Fourth thing. "Sticking out like sore thumb". Again, another "proof"-less argument. All Tor browsers carry a similar fingerprint so they all may stick out BUT together so you can't identify who's who.

Recommending Chrome and a VPN to reclaim privacy. Why don't I just drop all this privacy nonsense and go back to my normal life? Chrome calls back to Google and a VPN always sees who you are; so what's the point of this project again?

Anyways, @Shifterovich, if this position of removing Tor and the Google/VPN combo is actually considered, I'd consider not running this project anymore. There's absolutely no point, it's just a waste of time and wasted effort. We all complain about Signal revealing your phone number but the ultimate reason is to provide solid security and privacy for those who wouldn't know better. And Tor Browser is the same way, providing an easy to use solution for people who absolutely need it; for the rest of us, we will always keep up-to-date with the news, stay above the curve, and use solutions that may be inconvenient for others.

ghost commented 2017-07-21 20:37:29 +00:00 (Migrated from github.com)

We shouldn't focus just on the tools that provide a lot of usability. We should recommend the most secure options as well.

> We all complain about Signal revealing your phone number

I wouldn't trust anything that runs on Android/iOS, but again, we're trying to cover the whole spectrum of threat models.

Tor is perfect for some, awful for others. We shouldn't remove it, but we should recommend good alternatives.

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-07-21 21:24:50 +00:00 (Migrated from github.com)

> We shouldn't focus just on the tools that provide a lot of usability. We should recommend the most secure options as well.

When you have only one choice (in this case the Tor Browser, which as mentioned in my other post is the only browser that has good defenses against browser fingerprinting and for first party isolation) the answer to that question becomes straightforward isn't it?

> Tor is perfect for some, awful for others. We shouldn't remove it, but we should recommend good alternatives.

The alternative suggested by OP is to set up leaky Chrome with an own made VPN, do you really think that can provide a good alternative?

Atavic commented 2017-07-21 22:01:18 +00:00 (Migrated from github.com)

Tor network is for anonymity. From the grugq article:

> Anonymity is essentially a property of a system that ensures any user is equally likely to be the source of an event (communication, transaction...) This is one of the reasons that Tor Browser Bundle is pushed so heavily: it creates a large pool of homogeneous users. That is good for anonymity.

Google Chrome, with MS Edge, is the least private browser ever made.

> [Algo](https://github.com/trailofbits/algo) officially supports DigitalOcean, Amazon Web Services, Microsoft Azure, and Google Cloud Engine.

I see no privacy in those services.

dguido commented 2017-07-21 22:02:41 +00:00 (Migrated from github.com)

> I see no privacy in those services.

Algo is a VPN installer. You can place the server wherever you want. It has convenience methods for those cloud providers but it works just as well on your own server.

I'm not sure the value of a privacy technology if using it results in compromising your security.

Atavic commented 2017-07-21 22:12:32 +00:00 (Migrated from github.com)

I see Algo VPN is based on [Ubuntu](https://github.com/trailofbits/algo/blob/master/docs/deploy-to-unsupported-cloud.md).
ghost commented 2017-07-22 20:59:29 +00:00 (Migrated from github.com)

@C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N

Imagine two groups of nodes: those controlled by one party, and the rest. That one party controls 50% of all nodes, so the chance that you'll pick either group is 50%. The chance that you'll pick the group again is 0.50^2. The chance that you'll pick the group yet again (Tor's case) is 0.50^3.

Note that the chance lowers by a single node each time, since you won't use the same node for one circuit twice/thrice (so it's `controlled/total * controlled-1/total * controlled-2/total`).

Obviously, to apply this to my previous example, just change 50% to 51%.

Note: I hope my math is correct.
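
Added example, not part of the original comment: the calculation discussed above, carried through in Python for a three-hop circuit. It assumes relays are picked uniformly at random, as the comment does; the function names and the relay counts are illustrative, and the simulation uses a constructed pool of numbered relays.

```python
import random
from fractions import Fraction


def p_all_hops_with_replacement(fraction_controlled, hops=3):
    """Approximation from the comment: every hop is an independent draw,
    so a party holding 51% of relays gets 0.51 ** 3 of all circuits."""
    return fraction_controlled ** hops


def p_all_hops_exact(total, controlled, hops=3):
    """Exact probability that every hop belongs to one party when a circuit
    never reuses a relay. After each pick there is one fewer controlled
    relay AND one fewer relay overall, so both counts shrink per hop."""
    if not 0 <= controlled <= total or hops > total:
        raise ValueError("need 0 <= controlled <= total and hops <= total")
    p = Fraction(1)
    for i in range(hops):
        p *= Fraction(max(controlled - i, 0), total - i)
    return p


def simulate(total, controlled, hops=3, trials=100_000, seed=1):
    """Monte Carlo check of the exact formula on a constructed relay pool.
    Relays 0 .. controlled-1 are the ones run by the single party."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        circuit = rng.sample(range(total), hops)  # no relay used twice
        hits += all(relay < controlled for relay in circuit)
    return hits / trials


if __name__ == "__main__":
    print(f"independent draws at 51%: {p_all_hops_with_replacement(0.51):.4%}")
    # Hypothetical pool sizes, each with 51% of relays under one party.
    for total in (100, 1_000, 10_000):
        controlled = total * 51 // 100
        exact = p_all_hops_exact(total, controlled)
        print(f"{total:>6} relays: exact {float(exact):.4%}, "
              f"simulated {simulate(total, controlled):.4%}")
```

The exact figure sits slightly below the 0.51^3 approximation, and the gap shrinks as the relay pool grows.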

dnguyen01 commented 2017-07-22 21:05:03 +00:00 (Migrated from github.com)

Well the problem is much tougher than you make it out to be and I guarantee the website as of right now can't handle that information. Right now, the website just has a bunch of links to possible software you can download. Just like preserving your privacy, security is a process. Tor Browser is as secure as the person using it so I'm not sure how Google Chrome + VPN is any more secure and private for a person. Yes, Google Chrome is secure but it's just not private; that's the whole reason why we tell people not to use Facebook and Google yes? Like come on man, you're not even trying anymore. If the whole project is security, I'd trust my life with Google & Facebook yes? I can trust Google will make an effort to write secure software because they are the biggest targets to the world. But this is also a privacy project, which funny enough, they don't provide.

I can be on board with Algo because it's neutral - it's open source software and can be deployed anywhere/in your control. When you really say Tor should be removed, I'm not sure if you've given up on this project or not. Unlike a VPN, Tor Browser attempts to solve that problem that VPNs have -> the identity behind who's using it, well unless you use it incorrectly. Anyways, no more ranting, if you plan on making it a security project as well, I better see written up guides on how to harden a system because I sure as hell know that downloading some software doesn't make you any more secure ..

ghost commented 2017-07-22 21:12:23 +00:00 (Migrated from github.com)

Using your own VPN has very few privacy advantages compared to a commercial VPN.

dnguyen01 commented 2017-07-22 21:32:15 +00:00 (Migrated from github.com)

Well, I'm not sure we're even talking about the same thing anymore. You're here talking about setting up own VPNs when we were just talking about removing Tor Browser. Anyways, that's why it's called a privacy spectrum. For those who want true privacy (aka have their information & identity selectively revealed), they will go for setting up a personal VPN. By doing this, they know what goes into the setup and what they are running. It may use their ISP BUT the ISP and anyone looking only know where they have been but not what they are doing or information that is passed. So textbook definition of privacy basically.

When you choose a commercial VPN, you're trading in this ISP knowing where you went for another entity knowing where you have been. You also trade the ability to know for a pure fact that what you are doing will not be used against you in the future, whether it is secure, whether it is what they claim to be. You are also trading in money for them to "promise" that they do this; which I will link to later but a Redditor exposed ExpressVPN for being in 100+ countries when really they just ran AWS or cloud setups.

So when you say "Using your own VPN has very few privacy advantages compared to a commercial VPN.", I'm actually really confused and very doubtful to take your advice. I realize that you have a certain setup and defending against certain targets but when you say a commercial VPN has more advantages, I'm not sure if you are actually looking out for people who want pure control of their privacy. If you are willing to trade some privacy for a certain target to not know what you are doing, fine. But don't go saying, there are few privacy advantages, when literally the definition of privacy is (https://en.wikipedia.org/wiki/Privacy) "ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. "

aediot commented 2017-07-22 21:41:26 +00:00 (Migrated from github.com)

It's almost like certain people in this thread don't realize that everyone's tradecraft is different and different people need different tools for different things.

Crazy.

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-07-22 22:35:18 +00:00 (Migrated from github.com)

@Shifterovich
Thanks for clarifying. However note that controlling 50% of nodes doesn't mean that a random user will have a 50% chance of happening on one of your nodes, Tor picks nodes based on their consensus, which depends on its calculated bandwidth and other factors. For more accurate figures you may find this blog post informative, https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters

ghost commented 2017-07-23 08:34:03 +00:00 (Migrated from github.com)

@C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N Indeed, there are other factors, but still 3 nodes is bad.

> I can be on board with Algo because it's neutral

> Well, I'm not sure we're even talking about the same thing anymore.

Isn't Algo a self-hosted VPN? When a hundred people connect to one server, and a hundred connections are coming from the server, there is some privacy compared to you connecting to a middleman that only you use. Evades ISP monitoring, but if your threat model includes the government, it's useless.

aediot commented 2017-07-23 08:49:14 +00:00 (Migrated from github.com)

You're thinking anonymity. Not privacy.

Big difference.

ghost commented 2017-07-23 08:59:14 +00:00 (Migrated from github.com)

Am I? If the government can see your traffic, how's that private? Not to mention that VPS providers generally focus much less on privacy than VPN providers. I can imagine a self-hosted VPN being secure, but definitely not private. A self-hosted VPN can be as bad as a logging commercial VPN.

aediot commented 2017-07-23 09:08:43 +00:00 (Migrated from github.com)

So if I live in Turkey but have my VPN endpoint in Austria or Germany how exactly is the Turkish government going to passively monitor my traffic.

Even if I had it in Sweden my point remains the same.

Also the problem with a VPN service as an anonymity tool is that it's a trust based service.

You're trusting that these services are not hacked and/or logging.

VPNs weren't designed with anonymity in mind, we turned that into a service later down the road.

aediot commented 2017-07-23 09:14:24 +00:00 (Migrated from github.com)

As far as the "Tor is broken" comments go, unless a user connects to all three nodes they can't decrypt the traffic.

And while that has happened in the past, the fact that a Gov or any other entity can't actively select and then deanonymize any user they want means that it works.

As to quote per the NSA slide documents Snowden leaked: "We can deanonymize some of the users some of the time, but never all of the users all of the time. And we can't pick and choose who we deanonymize."

That's not even bringing in the point of owning your own private obfuscated Tor bridge.

Or the fact that even if they do decrypt your traffic it'll only last for 10 minutes before you're on a new circuit route.

So basically if you're going to scream Tor / TBB is broken you're going to need to actually provide a source on how it is instead of quoting other "security experts" who also quote no other sources aside from "haha google it".

ghost commented 2017-07-23 09:17:51 +00:00 (Migrated from github.com)

The fact that political relationships make paperwork hard between some countries doesn't mean it's secure. The fact that your government can't monitor your activities doesn't mean it's private.

> You're trusting that these services are not hacked and/or logging.

Compared to a VPS provider that may log all traffic.

aediot commented 2017-07-23 09:27:40 +00:00 (Migrated from github.com)

Typically when people talk about privacy they're talking about from their own Government and/or from companies like Google or whatnot.

Also VPS providers do typically log traffic.

However the difference between a logging VPS provider and a logging VPN provider is that your VPN provider if actually moled or hacked has a better chance of actively colluding with Government than some random VPS provider does.

I don't think the Turkish Gov is going to walk up to every VPS service hosted offshore and say "hey we want to spy on such and such user because reasons give us their traffic logs" because they'd likely be turned down.

If I was doing illegal things that would be an entirely different story.

But we're on privacytools dot io talking about everyday privacy from things like your own ISP.

At the end of the day it really just depends on what you need for your personal setup. But you can't actively say {insert thing here} no good and to only use {insert thing here} because your trash might be my treasure and my threat model is not the same as yours.

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-07-23 10:25:28 +00:00 (Migrated from github.com)

@aediot

> That's not even bringing in the point of owning your own private obfuscated Tor bridge.

Depends on the threat model, but in some cases that may be bad. As Roger mentions in the blog post on Tor's anonymity and guard selection parameters,

> But there's a second benefit as well: right now your choice of guards acts as a kind of fingerprint for you, since very few other users will have picked the same three guards you did. (This fingerprint is only usable by an attacker who can discover your guard list, but in some scenarios that's a realistic attack.) To be more concrete: if the adversary learns that you have a particular three guards, and later sees an anonymous user with exactly the same guards, how likely is it to be you? Moving to two guards helps the math a lot here, since you'll overlap with many more users when everybody is only picking two.

I can imagine that running your own private bridge will make you even more fingerprintable in some of these attacks.

> Or the fact that even if they do decrypt your traffic it'll only last for 10 minutes before you're on a new circuit route.

Or the fact that in the Tor Browser you get a unique circuit for each first party domain, makes correlation attacks less dramatic ;)

> So basically if you're going to scream Tor / TBB is broken you're going to need to actually provide a source on how it is instead of quoting other "security experts" who also quote no other sources aside from "haha google it".

Also be sure to quote security experts who know that Firefox' ESR receives security updates, and that Firefox (will (depending on the platform)) implements sandboxing (Firefox 52 and upward uses Chromium's sandboxing code for Windows, for Linux content sandboxing landed only until Firefox 54, but TB developers are looking for backporting that code to Firefox 52).

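An added illustration, not part of any comment in this thread and not Tor's path-selection code, of two points made above: relay picks are weighted rather than uniform over nodes, and a guard set acts as a fingerprint that weakens as fewer guards are used. The relay counts, weights and user numbers are constructed, and the model is an assumption that ignores relay flags, position weights and family rules.

```python
import random
from collections import Counter
from itertools import accumulate

# Constructed toy network, not real consensus data: (bandwidth weight, adversarial?).
# Half of the relays are adversarial, but each has a tenth of an honest relay's weight.
RELAYS = [(100, False)] * 50 + [(10, True)] * 50

# Constructed guard population: 20 high-weight and 180 low-weight guards.
GUARD_WEIGHTS = [100] * 20 + [10] * 180


def node_fraction(relays):
    """Share of relays the adversary operates (the naive '50% of nodes' figure)."""
    return sum(1 for _, adv in relays if adv) / len(relays)


def pick_probability(relays):
    """Chance that one weight-proportional pick lands on an adversarial relay."""
    total = sum(bw for bw, _ in relays)
    return sum(bw for bw, adv in relays if adv) / total


def both_ends_probability(relays):
    """Chance that two distinct weight-proportional picks (entry, exit) are both adversarial."""
    total = sum(bw for bw, _ in relays)
    adv_total = sum(bw for bw, adv in relays if adv)
    p = 0.0
    for bw, adv in relays:
        if adv:
            # First pick is this relay; second pick is any other adversarial relay.
            p += (bw / total) * ((adv_total - bw) / (total - bw))
    return p


def pick_guard_set(rng, cum_weights, k):
    """Draw k distinct guards, each pick proportional to weight among those not yet chosen."""
    chosen = set()
    ids = range(len(cum_weights))
    while len(chosen) < k:
        # Re-drawing on a repeat is equivalent to weighted sampling without replacement.
        chosen.add(rng.choices(ids, cum_weights=cum_weights)[0])
    return frozenset(chosen)


def unique_fraction(num_users, weights, k, seed=1):
    """Fraction of simulated users whose exact guard set nobody else shares."""
    rng = random.Random(seed)
    cum = list(accumulate(weights))
    sets = [pick_guard_set(rng, cum, k) for _ in range(num_users)]
    counts = Counter(sets)
    return sum(1 for s in sets if counts[s] == 1) / num_users


if __name__ == "__main__":
    print(f"adversary share of relays:       {node_fraction(RELAYS):.3f}")
    print(f"adversary share of single picks: {pick_probability(RELAYS):.3f}")
    print(f"entry and exit both adversarial: {both_ends_probability(RELAYS):.4f}")
    for k in (3, 2, 1):
        share = unique_fraction(20000, GUARD_WEIGHTS, k)
        print(f"{k} guard(s): {share:.1%} of users have a guard set no one else has")
```

A user whose guard set is unique is the case the quoted blog post warns about: anyone who learns that set can recognise the same user later.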
aediot commented 2017-07-23 10:31:41 +00:00 (Migrated from github.com)

I agree. Depends on your threat model.

But on the alms of privacy and even anonymity someone "knowing you're the same user" isn't as bad as "know who you are" in most use cases.

On top of which I was speaking about having one bridge {that you own} instead of three provided by the Tor project.

And if you land on two nodes owned by the same person your traffic won't be completely decrypted because of your owned bridge.

My point was just to say there's a lot you can do to avoid being deanonymized as opposed to saying "Tor is broken because {insert gov here} might own a lot of nodes".

alugarius commented 2017-08-03 02:33:37 +00:00 (Migrated from github.com)

I2P is better...

Even if I don't like java

ghost commented 2017-08-03 15:59:33 +00:00 (Migrated from github.com)

I2P is the network, not the Java client. There are many implementations, such as [i2pd](https://github.com/PurpleI2P/i2pd).

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-08-04 21:22:12 +00:00 (Migrated from github.com)

@alugarius
I2P is a self-contained network, it's not meant for clearnet browsing, see an interview by I2P's current lead dev zzz [here](https://www.gulli.com/news/2913-i2p-an-anonymous-network-interrogated-2009-03-09).

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-08-17 11:21:02 +00:00 (Migrated from github.com)

@privacytoolsIO @Shifterovich @bakku @kewde

What else is there to add here? Also take a look at the related for more info if needed: https://github.com/nylira/prism-break/issues/1760

ghost commented 2017-08-17 11:49:56 +00:00 (Migrated from github.com)

Like I said, Tor is perfect for some, awful for others. We recommend tools for different threat models and it's up to the user to decide.

We're not gonna remove Tor, so I'm closing the issue.

ghost commented 2017-08-17 21:18:01 +00:00 (Migrated from github.com)
Not an issue with Tor itself, but https://twitter.com/torproject/status/898256109789687808
C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-08-18 18:16:25 +00:00 (Migrated from github.com)

> Not an issue with Tor itself, but https://twitter.com/torproject/status/898256109789687808

Where's the issue in that?

aediot commented 2017-08-18 18:18:35 +00:00 (Migrated from github.com)

How dare they think that racists are bad people.

Atavic commented 2017-08-18 18:27:39 +00:00 (Migrated from github.com)

That's outside the field of Tor Project IMHO

If some bad people are using Tor, it's the law that should look at them, not the Tor Project.

ghost commented 2017-08-18 19:26:51 +00:00 (Migrated from github.com)

> Where's the issue in that?

They present Tor as a tool to evade censorship, yet they support censoring speech they don't like. They feel using Tor as a platform for free speech is using it for vile purposes.

@aediot Well they're fine with all the other crime, yet freedom of speech is an issue?

@Atavic Except there's no crime here, but they're fine with real crime.

aediot commented 2017-08-18 19:29:00 +00:00 (Migrated from github.com)

They strictly say that they're not censoring them in the article and that they're going to defend their rights / can't do anything about it. They were just grandstanding that they hate them.

However I will give you that point of them not calling out other crime.

Whoever put out that blog post needs to be fired because of that point alone.

ghost commented 2017-08-18 19:47:26 +00:00 (Migrated from github.com)

I was referring to the other tweets, not the article itself.

> They strictly say that they're not censoring them

They can't, but saying that freedom of speech disgusts and angers them and that censorship evasion when they don't like it is a vile use is not a good thing for an anti-censorship project.

aediot commented 2017-08-18 19:54:32 +00:00 (Migrated from github.com)

So if I like freedom of speech I can't say any ideas are horrible and vile? What?

Isn't that like.

The whole point.

Or something?

aediot commented 2017-08-18 19:54:58 +00:00 (Migrated from github.com)

If anything the fact that they disagree with them and don't do everything in their power to shut them down is arguably even a better look for them.

ghost commented 2017-08-18 19:57:29 +00:00 (Migrated from github.com)

> any ideas are horrible and vile

They said the use of Tor is vile here.

> don't do everything in their power to shut them down

Except they can't (can to some extent, but it won't last). And it's a suicide.

aediot commented 2017-08-18 19:59:19 +00:00 (Migrated from github.com)

Uh....?
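![screenshot 2017-08-18 at 21 58 58](https://user-images.githubusercontent.com/22855952/29475547-767fc116-8460-11e7-8e5c-5c3bb1b59630.png)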

ghost commented 2017-08-18 20:00:07 +00:00 (Migrated from github.com)

> We feel this way any time Tor is used for vile purposes.

aediot commented 2017-08-18 20:01:27 +00:00 (Migrated from github.com)

Right......So how is this damning in any way? Protectors of free speech aren't allowed to disagree with ideas and find others horrible even if they defend their right to say it? 🤔

ghost commented 2017-08-18 20:02:57 +00:00 (Migrated from github.com)

There are some vile purposes for sure. But I didn't know free speech is a vile purpose. Not a good way to feel for an anti-censorship project team.

aediot commented 2017-08-18 20:05:04 +00:00 (Migrated from github.com)

Do you support free speech? y/n

ghost commented 2017-08-18 20:06:04 +00:00 (Migrated from github.com)

Yes, for everyone. Even for Tor Project. And for myself to point out Tor Project's hypocrisy.

aediot commented 2017-08-18 20:07:02 +00:00 (Migrated from github.com)

Do you think racism is a vile thing? y/n

Atavic commented 2017-08-18 20:08:07 +00:00 (Migrated from github.com)

Yes, for everyone (even Palestinians).

ghost commented 2017-08-18 20:08:38 +00:00 (Migrated from github.com)

Yes. Do I think using Tor Project to evade censorship of racist journalism is vile? Not at all.

ghost commented 2017-08-18 20:09:12 +00:00 (Migrated from github.com)

The content of the speech is irrelevant to its freedom.

aediot commented 2017-08-18 20:10:39 +00:00 (Migrated from github.com)

So if you run a Tor node and someone uses your Tor node to actually say that someone is inferior to them because of their genes are you really going to tell me that you're not going to wish that they didn't think that way on your network?

aediot commented 2017-08-18 20:11:29 +00:00 (Migrated from github.com)

At the end of the day the Tor project is allowed to think whatever the actual hell they want. They could think the sky is purple for all I care. They're not enforcing action against dailystormer. Which means they defend free speech even though they hate racists.

So what was your point in all this again?

ghost commented 2017-08-18 20:12:21 +00:00 (Migrated from github.com)

They don't hate racists, they hate when racists evade censorship which is hypocritical for an anti-censorship project.

aediot commented 2017-08-18 20:13:06 +00:00 (Migrated from github.com)

So? Who cares so long as they're not enforcing their own beliefs on others?

ghost commented 2017-08-18 20:15:46 +00:00 (Migrated from github.com)

> So if you run a Tor node and someone uses your Tor node to actually say that someone is inferior to them because of their genes are you really going to tell me that you're not going to wish that they didn't think that way on your network?

If you're volunteering to help protect freedom of speech, yet don't realize you might not like some, then you haven't thought it through.

> So? Who cares so long as they're not enforcing their own beliefs on others?

What's wrong with the content on The Daily Stormer? I mean, as long as they're not enforcing their own beliefs on others, who cares?

aediot commented 2017-08-18 20:17:00 +00:00 (Migrated from github.com)

But I do realize that I might not like some.

And I run one anyway.

I'm allowed to hate them so long as I defend their right to speak.

ghost commented 2017-08-18 20:18:50 +00:00 (Migrated from github.com)

> are you really going to tell me that you're not going to wish that they didn't think that way on your network

Not going to wish that at all. Again, the content of the speech is irrelevant to its freedom.

aediot commented 2017-08-18 20:20:18 +00:00 (Migrated from github.com)

I mean you're free to not think pedophiles using the Tor network is vile. That's your prerogative.

I still run a Tor node anyway knowing that people who actually need it for good reasons will use it.

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-08-19 11:59:12 +00:00 (Migrated from github.com)

Again lots of nonsense here,

@Shifterovich

> They present Tor as a tool to evade censorship, yet they support censoring speech they don't like.

They literally said in the blog post, "Tor is designed to defend human rights and privacy by preventing anyone from censoring things, even us."

> They feel using Tor as a platform for free speech is using it for vile purposes.

Dailystormer isn't a platform for free speech, it's a neo-Nazi racist white-supremacist site.

> Well they're fine with all the other crime, yet freedom of speech is an issue?

Where did they say that they were fine with other crimes?

> Except there's no crime here, but they're fine with real crime.

Where did they say that Dailystormer was engaging in criminal activity?


@aediot

> However I will give you that point of them not calling out other crime.

"We feel this way any time the Tor network and software are used for vile purposes."

aediot commented 2017-08-19 14:00:57 +00:00 (Migrated from github.com)

I think the argument was that they've not put out any blog posts calling out crimes but they put out a blog about white supremacy.

Atavic commented 2017-08-19 14:29:01 +00:00 (Migrated from github.com)

@C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N Politically leaning about Freedom of Speech?
Most of the questions in this issue are purely rhetorical.

ghost commented 2017-08-19 15:21:35 +00:00 (Migrated from github.com)

@C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N

> "We feel this way any time the Tor network and software are used for vile purposes."

feeling != calling out

> Where did they say that Dailystormer was engaging in criminal activity?

@Atavic: "If some bad people is using Tor, it's the **law** that should look at them, not the Tor Project."

> Where did they say that they were fine with other crimes?

Crimes, not other crimes. Saying racist stuff isn't a crime. They didn't, but they always replied with "technology can be used for bad things as well", yet free speech is an issue?

> Dailystormer isn't a platform for free speech, it's a neo-Nazi racist white-supremacist site.

What's the difference?

> They literally said in the blog post, "Tor is designed to defend human rights and privacy by preventing anyone from censoring things, even us."

So what? Literally saying that using Tor to evade censorship is a vile purpose is contradictory to that.

Reference: privacyguides/privacytools.io#296