If you block non-TLS traffic, period, and you never click through on invalid cert sites, the only concern is 0day exploits. As much as HTTPS is popular, there are still a lot of plain HTTP sites and sites that upgrade to HTTPS after the first request. Data collection and running JS in your browser aside, there are clever tricks used to track and possibly deanonymize you, and obviously they are hostile when it comes to exploitation.
At least VPN providers need your money and their reputation, and you can chain them for Tor-like privacy without the poor performance and anonymity.
> Tor exit nodes have been caught injecting malware into binaries downloaded over HTTP through them
It's more accurate to say bad actors have been injecting malware into HTTP-downloaded binaries. Some of these bad actors use Tor exit nodes, some use free WiFi hotspots, and some run their own VPN services. Framing this as a Tor problem is like blaming violence on weapons instead of the perpetrators.