Don't forget 6 months waiting time for breast cancer diagnoses.
Don't forget over a months waiting time for a simple antibiotic shot, which my friend died while waiting.
Don't forget, can't see a doctor for two freaking weeks for a simple stomatitis.
Don't forget 3+ months and waiting for a freaking endoscope procedure.
For everyone not in critical situation, your country's health care is shit. Don't even deny that it's fucked up.
Thanks god I moved out of that country after my friend died due to sepsis because of the fucked up system that made him wait months to get his antibiotic shot.
Another Canadian here - this is not my experience at all. I have lived both in the east and west of Canada. Health services are excellent. Any issues and I just visit the hospital and they take care of it promptly and walk out not having paid a cent. Oh I think I do have a monthly charge for our entire family - something like $75 per month.
Because you haven't experienced a problem in your body that is rotten deep inside but shows little to no symptoms. My friend died in Alberta. It took two weeks to even see a doctor and more to wait for antibiotic shots.
Doctors try hard to not make problem a problem because the system is fucked in a way that doctors benefit from less patients. They don't try to cure. They wrap up the symptom and makes patients think it's a small problem.
Oh yeah, there is a way to be cured without waiting in Canada. When you're on the verge of death.
I despise hypocrites praising health-not-care in Canada. It just makes me sick.
I lived in Alberta for 2 years, I've got many friends living there still. I have never heard of what you're talking about, and certainly never experienced it.
I can't help thinking you over exaggerating the issue to avoid single-payer heathcare in the US at all costs.
Also, I lived in Australia for 23 years. It works great there.
I agree that for those fringe cases, healthcare in the U.S. might be better (Uruguay is also bad with tough to diagnose diseases).
But for 99.99% of the remaining cases, Canadian or Uruguayan health system is way better.
And I think there has to be a way to reconciliate the very good U.S. top of the line healthcare with the way better general healthcare most of the rest of the world has.
My sister lives in San Francisco and there are several benefits I regularly use which you basically can't access in the U.S. except if you're a millionaire - like doctor visiting your house when you're sick, and I mean things like a fever or a flu, and ambulance coverage included in basic healthcare.
Wouldn't your onion service uptime become correlated with the guard's uptime? DDoS probes as described in the OP plus some basic monitoring of known onion sites could discover onions paired with single guard nodes. And if I can become certain that the guard node is owned by the onion operator, you're one subpoena away from deanonymization.
>Wouldn't your onion service uptime become correlated with the guard's uptime?
Yes. This is happening on a fairly regular basis. ddos against a tor node in most cases is just trying to figure out someones IP address or guard node.
If you run a big darknet site dealing with things like drugs, CP, fraud, and you want to stay around for a while you need to run lots of nodes otherwise you will be pwned probably within hours. There is no point in doing that for legal onions sites like facebook because everyone knows their real operators.
Now when you run lots of nodes and at the same time a big website on the darknet you are in the perfect position to run traffic correlation attacks yourself.
There is some tutorial available which suggests using some deceptive methods to spoil such tracing efforts. For example when website A is going down you also shut down your site. Or when there is a big blackout of AWS US etc
Running your own guard is stupid unless you open it for the world to use.
If you're the only person using the guard, then the guard offers you zero anonymity.
And if lots of people use your guard, then make sure it doesn't violate your ISP's terms of service. (Most ISPs have a clause about residential customers not running public services.) Also, have a plan in place for when (not if) you receive legal notices about copyright infringement, child porn distribution, and other acts that could be criminal in your country/city.
As long as you're anonymous enough about it, I don't see why running your own [private bridge] is any less anonymous than using an unpublished bridge, or a snowflake proxy.
An adversary with lots of intercepts could certainly figure it out. But otherwise, how would anyone know?
And at least, it protects you from malicious guards.
Also, your point about violating a residential ISP's ToS is troubling. Because nobody in their right mind ought to be running any sort of Tor relay from home. It's a ~sure way to get your IP address on many blocklists.
And about getting notices, that only happens for exit relays. Not for guards and middle relays.
Edit: Actually, I meant running your own unpublished bridge, not guard. In the bridge torrc:
A malicious guard is just a malicious node. It can also be used as some other hop, or there can be non malicious nodes without a guard flag. I think there has been at least one publication taking a closer look at what malicious middle nodes can do.
I'm not familiar with bridges or the snowflake proxy but I think this would work:
Public bridges are public so no one cares about those. Now you run your own private bridge. First of all running your own leads directly back to you. Second it puts you on the list of even more paranoid people. Since you know and connect to that private bridge one can assume you trust that bridge for whatever reason which indicates some kind of "personal" relationship to that bridge.
The private bridge now connects to the second hop. This is a malicious one. The operator sees an IP which does not come from an official relay in the consensus. I don't know if a node knows he is in the middle (at least a guard and exit must know they are at the beginning and end of a chain, i guess?), but if he does he would now know that a private bridge is connecting to it. So you could enumerate private bridges.
If someone runs dozens of nodes, which is actually happening, this looks like a viable option. Correct me if I'm wrong.
> First of all running your own leads directly back to you. Second it puts you on the list of even more paranoid people.
It doesn't point to "me", at least in meatspace or even as Mirimir. It points to some anonymous persona, created specifically for that purpose. On its own Whonix instance, through its own nested VPN chain, and using its own multiply mixed Bitcoin. All totally disposable.
And to be clear, I'd use a different anonymous persona for the onion service itself, created specifically for that purpose. With all the features described above.
> Since you know and connect to that private bridge one can assume you trust that bridge for whatever reason which indicates some kind of "personal" relationship to that bridge.
There are numerous private bridges, and many of them have only a few users. Perhaps even just one user.
> The private bridge now connects to the second hop. This is a malicious one. The operator sees an IP which does not come from an official relay in the consensus. I don't know if a node knows he is in the middle (at least a guard and exit must know they are at the beginning and end of a chain, i guess?), but if he does he would now know that a private bridge is connecting to it. So you could enumerate private bridges.
Sure. Authoritarian regimes do that all the time.
But here's the thing. My Tor client will still only use that bridge. So it can't be tricked into using a malicious bridge. And I can change private bridges frequently, if I like. It's not at all hard to configure them.
First: If you're going to do that, then why bother with Tor? Just get a couple of private cloud boxes and make your own VPN. (You'll be just as secure. Which isn't as secure as Tor, but it's better than nothing.)
Second: "An adversary with lots of intercepts could certainly figure it out." Exactly. If you use Tor properly, then nationstates with virtually infinite resources can't figure it out. (That's why some countries block Tor; if you can't crack it, then block it.) But if you run your own guard, relay, rendezvous, or exit node -- and you're the only person who uses it -- then an adversary with lots of intercepts could certainly figure out who you are.
I bother with Tor because it's this onion routing network that's pretty large and well used. And maybe even ~secure and ~uncompromised, but counting on that is iffy.
I mistakenly said "running your own guard". What I meant was "running your own bridge". But in practice, that's basically the same.
But it's disingenuous to claim that even using a private guard (which isn't possible, as far as I know) is "just as secure" as a private VPN. Because there are still two other relays in its circuits to introduction and rendezvous points.
It is less anonymous, I admit, but it's also less vulnerable to malicious guards. And from what I'm aware of, malicious guards have deanonymized far more users and onion servers than traffic correlation attacks have.
> If you use Tor properly, then nationstates with virtually infinite resources can't figure it out.
That's just plain wrong. Even the Tor Project admits that.
But in any case, I'd never count on servers remaining uncompromised. I'm very careful to avoid associations with them.
Edit: Here's a little thing that I sometimes do, if I really want to obscure an SSH login or whatever.[0] Basically, I can do a Tor plus VPN based version of the old telnet login chaining thing.
>But it's disingenuous to claim that even using a private guard (which isn't possible, as far as I know)
I have been thinking about this for a while, too. There is some Tor fork which allows non-exit nodes to exit. It has been posted on tor-talk a while ago.
For a private guard you would need to change the local consensus file and include the private guard. Then you would also need to control the next hop so it recognizes your guard as first hop and connect you to the third hop. I don't see why this won't work in principle.
So you could have Tor exits that aren't published.
That would get around the CAPTCHA plague for Tor users.
Another option that I've considered is IPv6. Relays with both IPv4 and IPv6 must publish their IPv4, in order to get OKed for use. But as far as I know, there's no reason why they couldn't preferentially push exit traffic through IPv6. And indeed, use a different IPv6 address for each circuit.
Operators of Internet sites have the ability to prevent traffic from Tor exit nodes or to offer reduced functionality for Tor users. ... The BBC blocks the IP addresses of all known Tor guards and exit nodes from its iPlayer service, although relays and bridges are not blocked.^[110]
The above is from the Wikipedia page for Tor. If the guard IP was "unpublished", then would that be a way to access sites like BBC iPlayer in spite of their blacklisting known guard IPs. Perhaps in the BBC case some users were trying to use Tor as a "poor man's VPN" to get a free UK IP address.
I work on infrastructure at Discord. Our voice and video infrastructure gets attacked quite frequently and we have pretty good tracking about which ASNs the traffic is coming from as part of our mitigation processes.
Anyway, Choopa is a common source of DDoS in our reports, so I can corroborate the OP's comment to some degree. They aren't the largest we see, but they're in the top 10 sources for us.
As someone who used to work for a company that hosted large-scale gaming infrastructure, I can confirm that Choopa was a common source of DDoS. DigitalOcean, too, and lots of eyeball providers. Any provider who allows credit card payments has issues with outbound attacks, and some are better at responding quickly than others.
It got so bad we ended up building and deploying our own line-rate packet processing engine at our network edge to be able to deal with the weird UDP protocols gaming uses.
Why? That ship has sailed long ago. HTTPS is a requirement for browsing the web in 2020, just as HTTP was in 2000.
Most of the browsers that can't do modern HTTPS run on operating systems that shouldn't be on the public internet because of security concerns in any case, so that leaves perhaps a few really fringe browsers. Come to think of it, I can't even name one of them — even text-based browsers like Lynx work with DuckDuckGo (you end up on this Lite version).
Good point, but embedded systems don't generally act as an agent for a user to browse the internet. Their endpoints tend to be known API's. You wouldn't use DuckDuckGo from an embedded device like that until you reach the level of a full-fledged modern OS with an up-to-date browser (e.g., Linux running on a Raspberry Pi). It would be meaningless too, because even if you could use a search engine without HTTPS, almost all of its linked results will require it.
The internet can be used without HTTPS, but you can't expect to browse common websites without it.
The fact that the particular "criminal justice system" did not even allow him to contact the media sold me. He can't get a fair trial in Japan because their system is broken.
This does not apply automatically, but it is true that such restrictions are possible, and that there has been criticism that they are applied in too many cases and for too long times.
Don't forget over a months waiting time for a simple antibiotic shot, which my friend died while waiting.
Don't forget, can't see a doctor for two freaking weeks for a simple stomatitis.
Don't forget 3+ months and waiting for a freaking endoscope procedure.
For everyone not in critical situation, your country's health care is shit. Don't even deny that it's fucked up.
Thanks god I moved out of that country after my friend died due to sepsis because of the fucked up system that made him wait months to get his antibiotic shot.