| The parent poster who thinks they're saved from Saudi Arabian domestic intelligence agencies by using Tor is probably overly confident about how much Tor is doing for them. The Saudis absolutely have lots of money to pay for good quality DPI boxes from China. Using Tor by itself stands out. Since it doesn't look like Saudi Arabia is blocking traffic to/from major cloud hosting providers (obviously, they'd break most of the internet), this person could simply run a remote desktop session as something like VNC-over-HTTPS-by-TLS 1.3 (Apache Guacamole or similar, lots of things). Or use any of a number of US-based companies that will sell you a cloud-hosted remote desktop system you can use via an HTML5 client inside Chrome, Firefox, Edge or Safari, again, over TLS 1.3. If the Saudis are breaking TLS 1.3 in an up-to-date browser in a client workstation that doesn't have some kind of APT/rootkit on it (also a high risk), we have other problems. And then keep the Saudi workstation as basically a thin client only. It would look indistinguishable from any ordinary company persistent TLS session used between a workstation PC and some business application hosted in the "cloud". All of the above doesn't help much if subject to rubber hose cryptanalysis. |
They wouldn't need to break TLS 1.3 if they have access to root certificates; they could use them to perform MitM attacks.