On 11/11/2015 07:59 PM, Ryan Carboni wrote:
* https://blog.torproject.org/blog/ethical-tor-research-guidelines <https://blog.torproject.org/blog/ethical-tor-research-guidelines> *> >* Interesting problem: to use Tor is to say you trust your ISP less than *>* some pseudorandom person over the internet.
On 11/11/2015 12:27 PM, Ryan Carboni wrote: *
[Mirimir wrote]
Sadly enough, that's often prudent. Some ISPs are honorable, for sure. But many are duplicitous scum.
In any case, it's more accurate to say that about your VPN provider. With Tor, you're trusting the system, but system integrity is resilient to malicious nodes. So you're not trusting any one of them fully, even your entry guard, as much as you would have been trusting your ISP.
Correct, it would be prudent to avoid using port 80 over Tor for anything personally identifiable.
http://motherboard.vice.com/read/court-docs-show-a-university-helped-fbi-bus...
You neglected to identify my response! Anyway, CMU's attack did manage to compromise some onion services, most notably SR2.[0] And I'm not impressed with the Tor Project's performance. They apparently ignored the CMU attack for five months. Maybe they got blindsided by a zero day vulnerability. Or maybe they just weren't paying enough attention. But the SR2 connection came up in a comment, and there's no mea culpa for the delay, just blame on CMU. It's stuff like this that fuels conspiracy theories about Tor and the US military. Also, your comment about port 80 makes no sense in this context. The CMU attack deanonymized onion services, not users. And port 80 with onion services is secure. It's non-encrypted traffic through exit nodes that's insecure. There's no exit node when using onion services. [0] https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users