This is why I won’t do anything of the sort. With the increasingly authoritarian state that Amurica is turning into, I will tread very carefully. Including using VPN. I don’t know much about Tor and perhaps I should learn more but my understanding is the traffic is largely plain text and not encrypted. Please correct me if I am wrong.
It’s encrypted, encrypted many times over, it’s completely anonymous… as long as you’re staying inside the network. An exit node connects to the regular internet and that’s what’s going to start showing up on logs. This was completely secure for the people actually dealing in cp.
I can’t believe this stuck, it’s the equivalent of arresting a business owner because someone distributed cp while connected to their Wi-Fi.
Not completely secure. If the same entity controls the entry and exit nodes (any maybe also relay?), it is my understanding that traffic can be traced back. Low probability, yes, but not completey.
Which has probably happened. It’s (shady uses, not necessarily this use) one of the reasons there was a big push to get consumers to put a password on their wifi back in the day.
Yep. Routers used to come wide open out of the box, you had to actively secure them. They come with reasonable initial security now probably because of things like that.
In this context (running a tor exit node) none of that would matter. You can’t choose to run an exit node and then try to feign innocence or ignorance. It’s why I have deep respect for anyone willing to run an exit node because you’re taking on MASSIVE risk for absolutely no reward.
“used to”. Xfinity includes a public access point on my router that I’m not able to turn off. They used to lie about it and deny it until too many people caught on.
It’s quite possible he had either a public defender or a poor attorney. I am friends with an attorney who works with the poor, indigent, and people otherwise unable to fight for themselves. I help him out for free when he has questions related to technology and IT. I really need to read up on Tor because there might come a time when I’ll need to assist my friend in a similar matter. It’s quite chilling that the state could potentially punish a business owner for providing a free service like WiFi. I have another friend who runs a the neighborhood sports bar and she offers WiFi to her customers. I think I need to implement some content filtration for her so as to prevent her from potentially getting blamed for a crime she did not commit.
The high majority of websites are HTTPS, which means that the contents of requests are end to end encrypted. Technically if it’s just HTTP, it’s plaintext, but basically no sites operate outside of HTTPS anymore.
All that stuff about everything you do being in the clear is outdated, and basically just VPN propaganda. The only parts of typical web browsing that aren’t encrypted are DNS resolutions, but DoH and encrypted DNS are starting to be a thing. In which case, your ISP/gov will know you’re accessing your bank’s site, but not what you’re doing on there because everything else is encrypted.
Tl;Dr: Everything being plaintext is really outdated and is basically VPN propaganda. The majority of network traffic for most users is end to end encrypted already.
I think you might misunderstand what metadata is. The type of metadata you might be referring to are simply tracking methods employed on webpages by the likes of Facebook, Google, and other advertisers. But those are encrypted as well, they’re not open to view by anyone in the middle because they also utilize HTTPS. The vulnerability they pose is the potential for that data to be given up, or subpoenaed on the database end. There is no magic unencrypted data sent when dealing with accessing a website except, as mentioned, possibly the DNS query, which can be easily encrypted via DoH.
Except, VPNs and Tor aren’t even magic bullets for privacy. The moment you log into a service, you lose your veil of privacy if your activities can be reasonably linked. To really remain private, you would need to use Tor Browser, likely over a VPN, preferably on a live booted system like Tails, and forego any usage of JavaScript or account logins. Doing anything different exposes you to tracking methods. Which removes you from using the majority of the Internet.
The Server Name Identification (SNI) standard means that the hostname may not be encrypted if you’re using TLS. Also, whether you’re using SNI or not, the TCP and IP headers are never encrypted. (If they were, your packets would not be routable.)
This is why I won’t do anything of the sort. With the increasingly authoritarian state that Amurica is turning into, I will tread very carefully. Including using VPN. I don’t know much about Tor and perhaps I should learn more but my understanding is the traffic is largely plain text and not encrypted. Please correct me if I am wrong.
Lol maybe do the barest amount of researching before commenting on something you know nothing about?
It’s encrypted, encrypted many times over, it’s completely anonymous… as long as you’re staying inside the network. An exit node connects to the regular internet and that’s what’s going to start showing up on logs. This was completely secure for the people actually dealing in cp.
I can’t believe this stuck, it’s the equivalent of arresting a business owner because someone distributed cp while connected to their Wi-Fi.
Not completely secure. If the same entity controls the entry and exit nodes (any maybe also relay?), it is my understanding that traffic can be traced back. Low probability, yes, but not completey.
And guess who’s got a lot of funding to run honey pot nodes?
Which has probably happened. It’s (shady uses, not necessarily this use) one of the reasons there was a big push to get consumers to put a password on their wifi back in the day.
Surprise! It has: https://www.registercitizen.com/news/article/Man-mistakenly-charged-with-child-porn-after-12077668.php
Yep. Routers used to come wide open out of the box, you had to actively secure them. They come with reasonable initial security now probably because of things like that.
In this context (running a tor exit node) none of that would matter. You can’t choose to run an exit node and then try to feign innocence or ignorance. It’s why I have deep respect for anyone willing to run an exit node because you’re taking on MASSIVE risk for absolutely no reward.
“used to”. Xfinity includes a public access point on my router that I’m not able to turn off. They used to lie about it and deny it until too many people caught on.
It’s quite possible he had either a public defender or a poor attorney. I am friends with an attorney who works with the poor, indigent, and people otherwise unable to fight for themselves. I help him out for free when he has questions related to technology and IT. I really need to read up on Tor because there might come a time when I’ll need to assist my friend in a similar matter. It’s quite chilling that the state could potentially punish a business owner for providing a free service like WiFi. I have another friend who runs a the neighborhood sports bar and she offers WiFi to her customers. I think I need to implement some content filtration for her so as to prevent her from potentially getting blamed for a crime she did not commit.
The high majority of websites are HTTPS, which means that the contents of requests are end to end encrypted. Technically if it’s just HTTP, it’s plaintext, but basically no sites operate outside of HTTPS anymore.
All that stuff about everything you do being in the clear is outdated, and basically just VPN propaganda. The only parts of typical web browsing that aren’t encrypted are DNS resolutions, but DoH and encrypted DNS are starting to be a thing. In which case, your ISP/gov will know you’re accessing your bank’s site, but not what you’re doing on there because everything else is encrypted.
Tl;Dr: Everything being plaintext is really outdated and is basically VPN propaganda. The majority of network traffic for most users is end to end encrypted already.
That is not completely true. Often the payload is encrypted but not the metadata. It is the metadata that usually is the cause of privacy issues.
I think you might misunderstand what metadata is. The type of metadata you might be referring to are simply tracking methods employed on webpages by the likes of Facebook, Google, and other advertisers. But those are encrypted as well, they’re not open to view by anyone in the middle because they also utilize HTTPS. The vulnerability they pose is the potential for that data to be given up, or subpoenaed on the database end. There is no magic unencrypted data sent when dealing with accessing a website except, as mentioned, possibly the DNS query, which can be easily encrypted via DoH.
Except, VPNs and Tor aren’t even magic bullets for privacy. The moment you log into a service, you lose your veil of privacy if your activities can be reasonably linked. To really remain private, you would need to use Tor Browser, likely over a VPN, preferably on a live booted system like Tails, and forego any usage of JavaScript or account logins. Doing anything different exposes you to tracking methods. Which removes you from using the majority of the Internet.
https://stackoverflow.com/questions/187655/are-https-headers-encrypted#187679
As it turns out, eSNI (to take that forward, eCH) has become common in modern browsers with a supported DNS provider
There is work to hopefully improve this situation for SNI at least: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/.
It was Australia