PsyDuckmonkey said:
MachienDome said:
Auxin said:
That the US funds TOR is not proof of its insecurity.
No, but the fact that they abandoned it does.
Using TOR on top of an insecure system doesn't do anything. Using an outdated version is useless :!:. Use TAILS, it provides a bit more security.
Please don't perpetuate superstition. TOR is not broken, and Tails is not particularly better than the TBB for most common threat models. In fact, it has serious drawbacks as well as benefits. Every anonymization and encryption is defeatable by an appropriate sidechannel attack. It's worth reading up how they arrested Dread Pirate Roberts.
Your opsec needs to be appropriate to your level of threat. Expecting to be targeted specifically, with people expending effort to spy on you as an individual target, and generic efforts to avoid getting caught in a dragnet data collection are two very different things, and need different levels of commitment on your part.
I won't quote how TOR should be used to browse and communicate safely, there's plenty written about that. And it's mostly not about your technology stack (though that does play a part), but about your behavior, both online and offline.
Agree to disagree, but you may have to define "broken" first. I know how Dread really got caught, not the FBI lies that they tell the public and courts. I can assure you it has nothing to do with superstition, only technology. Believe me or don't, I'm just spreading the knowledge I myself have gained instead of repeating what I have heard. After the house came crashing down, I'm still here and thats no fluke. 8)
I do agree with the "Your opsec needs to be appropriate to your level of threat." statement, though. Its various federal agencies that are the threat on a forum like this, so dont forget that. Unfortunately, you cant go back in time and make it more secure once its too late so more security up-front is better. You seem to understand better than most how to successfully use the technology (as in, not the "install and I'm good forever no matter what I do" school of thought) which means surely you know that TAILs is more secure than Tor Browser.
I hope you dont hold those previous statements against me, I believe we are both on the same team here and have more common in the notion of security than it might seem from this post, I merely wanted to point out that from what I have experienced for myself, Tor Browser is way too easy to circumvent. TAILs is far from perfect but is a secure environment as opposed to a "secure" app on an insecure environment. There's no sense in locking the door if you just leave a window open anyway. I prefer security in layers, not a one-shot Hail Mary. Tor Browser is (or rather should be) only a piece of your over-all security posture.
Anyway, I won't be debating the issue further, I don't feel there is much thats constructive about it. I have seen many people hop on the "Tor isnt broken" bandwaggon and it seems to be either an agenda or a religious conviction at this poiont. The evidence is astounding that the TOR network is not nearly as secure as most assume it is and Tor Browser alone is hardly enough. Those that believe its impossible to find out who you are when using Tor Browser on a Windows machine, who downloaded it from home over WIFI without a VPN and never even checked/verified the Checksums are the ones who will just put their head in the sand and feel self-satisfied that they are completely secure now that they have one program to enter their selfies into because they were told so. Remember the old mantra of security: Verify, Install, CONFIG, and test.
Quick shout out to all my brothers and sisters MIA in the Drug War and in Federal Prison. I miss you
Justice will prevail against their corrupt, immoral system. Redemption is upon the horizon and closer than it appears. Can't stop, won't stop.