[orbifold]

At this point it is not really a good idea to use Tor anyways, given that you are then automatically targeted by the NSA and at the same time potentially provide cover for covert operations of several countries. What is really needed is political action to limit the capabilities of security agencies to indiscriminantly monitor web traffic.

[cortesoft]

I disagree. The only way to prevent security agencies from indiscriminately monitor web traffic is to make it technically impossible. No political action is going to stop all such entities in the world from monitoring web traffic, let alone prevent non-government entities from doing so. I am not saying Tor is the answer, but whatever the answer is, it will have to be technical.

[DanBC]

> The only way to prevent security agencies from indiscriminately monitor web traffic is to make it technically impossible.

The vast majority of people do not want that Internet. See, for example, the popularity of Facebook. (About 1.2bn users per month).

You need technical measures, and law, and effective oversight.

[x1798DE]

I would guess that the vast majority of users don't know enough to have an opinion about the security and privacy of their browsing experience, but would be in support of such improvements if it caused them no inconvenience.

Law and "oversight" are really not likely to be effective. They're only useful as part of a "defense in depth" strategy, where we make it technically impossible for any attacker to get this information, and if our protocols have flaws in them, the government shouldn't be allowed to look at them anyway, so we have a second (weaker) layer of defense behind our primary defense.

[Zigurd]

Privacy or "oversight," pick one. With strong croup and deniability privacy is absolute, unless you want torture to be a law enforcement tactic. If you can't handle that, you might as well communicate in the clear.

[DanBC]

What?

Oversight is a legal measure applied to police and security agencies to ensure that they are obeying the law, not something you do to the general public.

[Zigurd]

Ideally, but in these times...

[orbifold]

Well Tor is obviously not the answer, it introduces too much latency and at the moment very few nodes mostly located in the US bear the majority of all traffic. No technical solution will prevent governments from monitoring all important network hubs. It seems impossible to prevent them to gather at least metainformation there. If enough routers in an onion routing scheme are compromised the same is true. If there would be laws that guaranteed the physical integrity of data centers, it would definitely be much easier to devise safe routing protocols.

[cortesoft]

Yes, Tor is not the answer. I can think of a hypothetical technical solution to the problem, however. If everyone used an onion-routing protocol where everyone also acts as an exit node, you could create a situation where even meta-information would be unobtainable.

[orbifold]

As it stands Tor is deliberately routing the majority of the traffic through a minority of the available exit nodes, they explain that they do that for performance reasons. Given that they are financed almost exclusively by the US government and some of the developers have very friendly relations with law enforcement to this day, it is at least plausible that there are other reasons at work. In some of the leaked NSA memos they even state that while they have not been able to fully compromise the tor network so far, at least the majority of their targets are using it. All of this is a clear indication to me, that TOR should be abandoned sooner rather than later.

[Cyther606]

True, but if everyone were to use Tor all the time, everyone would be suspicious all the time, and therefore no one would be suspicious ever.

I'd like to see a pay-per-install Tor browser program materialize, one that would incentivize retailers and ISP techs to install Tor browser on customer devices. Every device should be connected to Tor from the moment it is powered on. Then we could at least go back to having free speech on the Internet.

[pdkl95]

"...suspiciuous all the time"? What nonsense. When Everyone uses Tor (or anything else), by definition that is "normal".

Or do you view envelopes with this same paranoia? https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

[Cyther606]

To the NSA, a normal Internet citizen is a terrorist. Just searching the Web for anything Tor-related gets you put on a list. You are preaching to the choir.

[Houshalter]

He addressed that in literally the rest of the sentence:

>everyone would be suspicious all the time, and therefore no one would be suspicious ever.

[tete]

I think the opposite is the right thing. We should try to get everyone on that list.

[orbifold]

This is not realistic though and as I said it would actually help the security establishment and military if more people used Tor.

[serf]

It's pretty realistic given the impetus towards tor-enabled FOSS routers. Many people may begin using tor without ever realizing it, if certain people get their way and the tor network expands to allow such usage realistically.

[gweinberg]

No it wouldn't. How is it possibly helpful to the security establishment if I use tor for what is essentially an innocuous purpose?

[orbifold]

It helps them because they are using the service for covert operations. If they were the only ones using it, it would be useless to them. They did very cleverly position it as an instrument for dissidents and at the same time told the generals that this would actually be an advantage. On top of that the NSA is known to successfully target Tor users. If you are really doing something that is against US security interests, you would be mad to use Tor, that was all I was trying to say.

[tete]

The same thing can be said about the internet as a whole, even more so.

[Sprint]

On the opposite, everyone should use it. I love using it for queries I feel embarassed about, like googling for illness symptoms or watching wildlife documentaries.

[gnarbarian]

but then how can amazon.com bombard you with ads for Anal Wart Cream for the next six weeks?

[jessaustin]

As soon as I learned that companies are people, I suspected Sprint might have something like that.