Comment on When people recommend Brave browser.
A_Random_Idiot@lemmy.world 1 day agoI thought people gave up on Tor years ago when it was revealed that it wasnt anonymous at all due to all the entry and exit nodes controlled by governments and spy agencies.
xiii@lemmy.world 1 day ago
The NSA wasn’t able to break Tor fundamentally, even with spanning numerous exit nodes to intercept traffic, and high-scale traffic correlation between enter and exit nodes
theguardian.com/…/nsa-gchq-attack-tor-network-enc…
spicehoarder@lemmy.zip 23 hours ago
Do we trust a 12 year old article sourced from the government to be honest about current/past capabilities? Genuinely asking.
xiii@lemmy.world 1 hour ago
This question is unironically very deep. As it’s privacy we’re talking, you decide what to trust on your own.
My understanding is that Tor provides anonymity for my threat model (ad-tech corporations).
But trust need to be placed somewhere. Do we trust Mozilla? All their emploees? Do we trust OSS? Does anybody actually review open-source code? What about supply chain attacks?
I am, a nobody, was personally invited to a Contagious Interview (a person, pretending to be a client for consulting was trying to place a rootkit on my machine via GitHub repo).
What about AI-assistet coding that actively tries to eliminate security gates?
macros@feddit.org 21 hours ago
In this case I would. Its from the Snowden leaks and from the government for the government, never intended for our public eyes.
Also if you don’t fully trust tor, just add another layer (e.g. VPN). If the government dissuades you from secure open infrastructure and gets you to use closed ones, they have won because companies can always be forced to comply. Algorithms on the other hand, can’t.
ToxicWaste@lemmy.cafe 19 hours ago
who and what is your threat model? as @macros@feddit.org pointed out this article was probably rather accurate.
if you just want to browse anonymously - it is likely, that even the biggest tech corpos can’t de-anonymise you.
if you do small time crime, like buying and selling contraband - likely law enforcement would try to catch you in the real world. you have more vertices and vulnerabilities there, different enforcement agencies are experienced exploiting these.
if you paint a big ass target on your back and get the interest of the CIA or similar - you are probably fucked one way or the other. they may have the ability to de-anonymise you. but if you listen to people that did get caught or do the catching (e.g: darknet diaries), most of the times it is a small mistake. if you only ever play defence, that is enough to loose the game. but what are your options if your adversary is a national agency?