You may be able to find an extension for your browser of choice to do just that! I have one for Firefox but I’m on mobile right now and can’t find it. I can send it later if you’d like. But they do exist!
Veracrypt 1.18 was audited in 2016 by the Open Source Technology Improvement Fund [0]. It is incredibly unlikely that a random NSA backdoor is sitting around on a high profile open source project like Veracrypt. If you are still skeptical you are free to take a look at all of the source yourself [1].
Let us say that there is nothing beyond death, does that really mean that life is ultimately pointless? I'd argue that the idea that there is nothing beyond death is what makes life all the more meaningful. We are only going to get one shot at all of this, we better make it count.
From this I derive the motivation to work hard at what I do and ultimately try to contribute to the problems we face as a species before I pass. It also makes me appreciate the raw human connection that we can all experience: love, passion, friendship.
I may not be the one to light the altar of discovery that allows us to say, cure cancer or become a spacefaring species, but I will proudly carry the torch and pass it on.
You can philosophise yourself into just about any position: death is real & life is meaningless, death is real and life is meaningful, death is but a transition & this life is meaningless, death is merely an illusion and life is meaningful,
I feel this. As a first year Computer Science student at university I am currently torn between staying as CS or switching to Computer Engineering. I am really interested in the low level aspects of computers from a software perspective (OS development, assembly, compilers) but I feel my education in my area of interest won’t be complete if I don’t also understand things from a hardware perspective.
This is incorrect. A Tor hidden service is fundamentally different from port forwarding. If you don't have the hidden services onion address (v3 address) then you physically cannot make a connection to the hidden service. This is because the onion address is the hidden services public key.
You can scan the entire internet for open ports, you can't scan the Tor network for hidden services to connect to unless you already have the hidden services onion addresses.
When you create an onion address, does that address get leaked at any point? As in, are there nodes or servers in the Tor network that know that xxxx.onion is a valid address at the time of creation or afterwards?
With the old v2 hidden services (16 character long onion addresses) it was possible to recover the onion addresses of any service running on the Tor network while the v2 hidden service was running.
However, that issue was only present in v2 hidden services. v2 has been depreciated in favor of the new v3 hidden service protocol (56 character long onion addresses) which is not vulnerable to this issue. This new protocol contains a full ed2559 elliptic curve public key in the onion address. The key in the onion address is used to derive what are called "blind keys". These "blinded keys" are then announced to the Tor network in such a way that nobody can recover the original public key without prior knowledge of the it, leaving them unable to establish a connection with the hidden service.
I have only briefly elaborated on how v3 hidden services work. If you are interested in a more in depth and technical explanation I encourage you to read:
This is completely incorrect. It is physically impossible to make a connection to a hidden service without the hidden services onion address (I am talking about the current v3 onion addresses, the ones that are 56 characters long). This is thanks to the fact that the onion address itself is the hidden services public key.
If you keep your onion address private then nobody can connect to your hidden service or even know that it exists. Simple as that.
It's also "physically impossible" for someone to gain access to a well configured IPSec endpoint, yet we still consider this a point of access that needs appropriate controls and security oversight. There are many, many ways that people collect key material to use to access tunnels to corporate networks. No matter how confident you might be in the technology, you should never provide an access point to a private network without full consideration of the security and compliance implications.
Perhaps the bigger issue though is that Tor at least used to be frequently used by botnets for C2, I'm not in a SOC environment any more so I'm not sure how much that trend has changed. But it's very common for corporate security programs to configure IDS to report on Tor traffic since it's associated with some sort of compromise a good percentage of the time. This does mean you get occasional false positives from normal Tor use to e.g. anonymously access public materials but that's life in a SOC. The point though is that most corporate environments ought to notice this kind of thing happening whether or not it's done with the approval of IT/security.
