WYGIWYG
- 0 Posts
- 7 Comments
Historically, people have gotten caught with their hands in the cookie jar while using tor. Most of the documented cases have been from DNS leaks and the like through targeted attacks.
Theoretically it’s possible to own enough of the intermediate and exit nodes to collect meaningful data about who’s using it and where they’re going. It’s just very difficult and expensive.
I only give it maybe 50/50 odds let the feds have this power, but that’s not particularly rosey for a security product.
From the backbone perspective,VPN traffic absolutely gets monitored on the way out, and they can probably tell everyone that is on the VPN provider at the moment. But timing attacks are rough through a busy crypto tunnel. Your protection basically rolls down to whether they’re keeping logs, whether somebody’s monitoring the backbone around them, and if there’s any point in time where the traffic on the VPN is low enough that they can correlate traffic in with calls out.
Unless you’re pissing off the feds I doubt tor is any better off than VPN.
Honestly, if it went that far, They could just outlaw encryption altogether. Require all SSL to include their back door and they DPI everything on the way through. If anything doesn’t work on the DPI, they log it and drop it. We’ll end up having AI write us novels where you can take predetermined word order to create encoded messages
Likewise, never trust that tor is completely anonymous. There are a limited number of tor nodes, and an extremely limited number of exit nodes. The barrier to entry to stand up thousands of nodes is simply a cash problem. It certainly beyond the reach of most corporations, But I wouldn’t want to do anything on tor that would draw the ire of a large government agency.
They support catch-all. You could use your pluses and then mail filters.