Hacker News new | past | comments | ask | show | jobs | submit login

If my adversary was a state, I'd be seriously worried that the act of downloading Tor is monitored and would put me as a potential threat.



You can use pluggable transports to camouflage your traffic (they're already built into the Tor Browser, e.g. meek, snowflake, ...).

To get Tor in the first place in a censored/risky place you can get it from the official GetTorBrowser repository on Github: https://github.com/TheTorProject/gettorbrowser (There are additional links to GitLab, Archive.Org, Google Drive)


The state could easily track who accesses that GitHub page, if they control the ISP.


That GitHub page in particular, versus any GitHub page? That'd involve a TLS break, no?


Just did some research, and you're right! TLS obscures the URL by default. I didn't know that.

Only nuance being that an attacker can draw conclusions about the length of the URL- which won't be very helpful on Github.


TLS alone is not sufficient. Fortunately, Github is also on the HSTS preload list.


> length of the URL

Also the length of the response, which is significantly more 'helpful', although probably not enough for a working attack unless you're willing to harrass a significant fraction of your intellectual workforce over false positives.


Yeah they need to hack or infiltrate Github, or get a warrant for your data.


Good thing Microsoft isn’t voluntarily in the PRISM progra-


Taking bets on "Microsoft was nudged into buying GitHub by one of the three letter clubs" being revealed one day


Especially in places like China where the Internet is heavily censored and Microsoft already has experience complying with the government's policies. https://www.wired.com/story/china-github-free-speech-covid-i...


with or without downloading Tor I say its safe to assume everyone here is already under some kind of monitoring like we're all potential customers/criminals


We’re all on many lists. What matters is where you rank on it.


I would think that not being on any of lists would be so suspicious on its own, it would warrant adding to a list.


Mumble mumble, Bertrand Russell, mumble...


There's way too much noise in this measurement for it to be seriously meaningful, unless ownership of tor was itself a crime.


Maybe in the west that'd be true- since we can freely trade information over the public internet, TOR doesn't have much utility. Let's say you're in a more totalitarian government that censors more information- TOR might look like a practical solution there, and might have people using it for more practical purposes.


Yes, who would dare use something like a VPN in a totalitarian country like China?


> since we can freely trade information over the public internet

No we can’t.


Don't be pedantic, you're doing it right now.


He's right, it is a pretty big if, since storage space and compute power are basically free for NSA/CIA (and they have shown they don't care about privacy laws or the 4th amendment) you can safely assume all your traffic and data is stored away somewhere for future usage against you. If you're in Europe you are probably a bit safer.


There are many things you can’t post online because you’d get in trouble.


If your adversary was a state, they probably control most of the exit nodes you connect to.


Depends on which state is your adversary I guess?

US or someone from 5 eyes? Yes for sure!

Algeria? You're probably safer




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: