Honestly, you should just never assume anything is water-tight... and I don't think anyone ever said it was impossible to exploit Tor, just that it was difficult. The time had to come eventually and this is likely us only finding out about it just now.
Snowdon in Novemeber 2021, stated.... VPN are useless for protection against Government access, and so is encrptyion. As the Governments have so many back doors to your OS, Windows, Mac, Iphone, Android, they can see if you can see. They also can access your smartphone instantly if they have your IMEU number. VPN and encryption only helps to stop basic hackers.
Also Snowdon stated you should do muliple VPNs ie VPN a VPN, to stop hackers, but it still won't stop government access. Also VPN servers could be leaking or hacked by governments.
Have you noticed how they're trying to kinda pretend the last 20years of tech didn't happen. Like phone privacy is a new thing, hell they even had reports on the new danger..facial recognition only last year. Funny that the USA have been keeping that quiet but the UK government was totally open about it. Sorry USA cats out and has grandkittens 😬😂
If a nation state can create a temporary 33% chance they get your traffic and identify you, it really pokes holes in the logic of even bothering with Tor.
Tor was always super dumb in my eyes. It just seemed like what's happening here was guaranteed to happen. For a while I actually just assumed the Tor browser itself was made by the CIA or other agency. It would be a perfect way to just get everyone's data for free. Give up on Tor, it's dumb. Alwas was.
The issue is that trust is required for security. How do you know who to trust? Is it better to trust the government and/or private companies, or random people hosting servers, servers that happen to pipe all your internet traffic......Honestly you are already trusting the government and private companies anyways, then laying on top of it trust of random people....how is that more secure?
It is possible to reconfigure Tor to use 10+ hops instead of the default 3, paying for reduced deanonymization risk with yet more network latency. This attack seems to be an anomaly because of how big it is. And how expensive it is. The relays have to actually deliver enough bandwidth to satisfy demand, otherwise they won't be used for making connections. Tor was started in 2002, where this was unthinkable. Maybe we're now at a point where commercial hosting is cheap enough to make such attacks viable, and that the devs need to find a way to counter that. One possible counter is to add at least one node with increased trust - stable nodes added before 2015, nodes operated outside of the US by a known privacy organization, etc. I'm sure the Tor devs have already come up with ideas. Even if US anonymity is compromised (which sucks), there are users who don't care about the US and are instead dodging some lesser threat. There's also a bunch that just shovels torrent traffic through Tor.
@@lukesutton4135 not true in many cases. You can buy, bribe, kill, assassinate, blackmail, lie, cheat, steal votes/elections, pull strings in media, be friends with the right people, be a willing puppet by someone bigger, etc. I could go on and on but no there's many ways to be part of a government or part of a world problem, most of them not legal and certainly not always voted or caused by the people.
@gu4t4f4c not as bad as government, international, and world corruption at a fundamental level with no way to root it out or fight back against it (with not enough money or power to do so legally) and the only anonymity is reserved for those corrupt governments and organizations.
PSA: Don't host a relay if you've got a static IP. It will get flagged as a part of the Tor network and you will find yourself not being able to access some clearnet sites that auto-ban Tor associated IPs upon connection.
Raspberry Pis would be a Great idea for relays. Not that expensive, low energy consumption, don’t take up much space so they can just kinda sit around your router.
@@skywz a desktop is quite overkill for this...the Pi has almost an order of magnitude less power consumption, so especially when scaling, the power cost would start to become a significant factor.
It's important that the effectiveness of Tor be highlighted and stated as often as possible. The moment the public sees that there may be a vacuum for 'insert privacy tech', a thousand new but bullshit solutions fill this perceived void. Tor is excellent and should be kept and expanded. It is the most useful international tool against surveillance and for the exercise of fundamental civil liberties we have.
You say "perceived void" as if these voids aren't real. You literally can't make a 100% open source device work with cell networks anymore, "privacy tech" is pretty much nothing but a void.
@@bentos117 in this context mainly the 4th amendment which gives you the liberty to stop unreasonable searches seizures etc from being done to you And also the 1st amendment which gives you the liberty to engage in free speech and political communication In other countries they might not be called amendments but the fundamentals of human rights are fundamental to human nature everywhere
One year, suddenly the whole network expanded by 50% at the same time and place, and those computers were all in one particular place. Almost as though there was effort to control all of a particular kind of node through that place. Hmmm..
My understanding is that Tor doesn’t scale very well when the ratio of relays to users is too high because there’s less traffic mixing and more simple packet forwarding.
Tor relay serves thousands of connections. So it is safe to make 2x relay count. Maybe even 10x. 100x will be a problem most likely. But it will not happen anytime soon.
@@sdjhgfkshfswdfhskljh3360 As long as you use a trusted guard node you can still have anonymity, but there's no way to defend against pattern matching if someone (law enforcement) was interested enough to put in the work By correlating packets that you send with ones being received at the exit node, they can still unmask you
@@dustinjames1268 Wouldn't doing that be like a giant fishing expedition though? It almost feels like a ton of work to fish for cybercriminals when (assumingly) most of the connections you're sifting through have nothing incriminating or at least interesting.
@@fastestdino2 Basically they won't put in the effort to pattern match your traffic unless they have good reason Say they suspect you of running or accessing a CP onionsite, they will try.
@@N.S.A. I was busy fixing an electrical cabinet then one of your Buds came closer that the blinding light put my life in danger. Idk what pills you're taking guys but it's getting problematic.
I've given thought to some kind of TLS relay protocol. The server looks like just another TLS protocol server until it hears a relay request. Then it arranges a TLS connection and negotiation between the client and the next server in the chain, never sure if the next server is another relay, or just an ordinary TLS server.
@@hanelyp1 you should take a look at bridges and the obfs family of protocols, especially the latest interation. A bridge with obfs is basically a private guard relay, only used by those who know it exists. Later obfs protocols are actually actively trying to prevent probing, by requiring the user to know a secret key, in order to even detect it as a bridge. I'm sadly not very familiar on how exactly this is achieved though.
@@IanBLacy ikr. just a few weeks ago, they sentenced a 70-something years old woman for filesharing. she doesn't even own a computer, wifi was set up by the phone company just to get a higher price on her package
Question about relays: Setting up a relay should be fine, but from my cursory understanding of Tor, running an exit node would probably result in some sus traffic through my network. Is there any way to pipe the exit connection through a VPN or something to protect me before it hits the web, or should I just not run an exit node?
@@quidquopro1185 don't worry. I'm using a vps and the hosting provider is fine with it. I am going to host a relay and a bridge from my home internet once i get the chance
@@spinningjenny1629 ok sweet! Yeah i were just worried because I got my mom and dads network banned for 1 month just for running an exit node a few years ago. They were NOT happy...
@@5555Jacker Remember reading about theories that the FBI were hosting exit nodes back in the silk road haydays. Nothing concrete, but entirely plausible theories if you ask me. Haven't revisited the subject since. Might've been debunked with today's knowledge for all I know.
@@BromTeque Probably they were, but exit nodes alone shouldn't be enough to deanonymize somebody AFAIK. Could definitely be used for MitM attacks like SSL stripping, though. If I'm correct, Silk Road actually got brought down due to terrible opsec, rather than a weakness in Tor.
in almost every case where someone or a service was discovered on Tor it was bad Opsec and greed. however there are other but rarer examples and it requires a lot of resources (aka your tax dollars) to do this sort of thing, and it isn't even sure fired way.
I suppose this is one of the big issues with moving tor to a totally decentralized model, because then there is no authority to kick this sort of attack off the network. And governments have the resources to run far, far more relays than currently exist. Perhaps the only solution would be to make it so absolutely every tor user is also a relay (which still wouldn't be perfect, but a few million relay nodes in the middle would make it far less likely to hit three hostile nodes). Of course then comes the issue that many users will have very poor internet connections, as well as the potential issue with dynamic IPs.
Don't just run TOR relays on your home connection. Even if it's not an exit, some services will flag or outright block you. Online shopping and online banking are just two areas that can be heavily impacted.
@@hitler69 I’ve seen it mentioned in the comments previously (and have also noticed in threat feeds used by Umbrella, Firepower, etc) but I think companies can semi-easily block tor via URL / IP threat feeds. Not 100% sure but I believe Cisco firepower’s security intelligence for example allows you to whitelist, monitor, or block tor nodes.
It's a good thing you told us to double-check that everything could be done up and up because it turns out my ISP is Verizon and they will block the TOR traffic.
The Tor network needs to be turned into some kind of blockchain environment where you get rewarded for hosting a relay and mining is the act of relaying data. Kind of like a virtual version of the Helium network. If we could do that, the amount of nodes would explode. The informational sovereignty of the entire planet can't rest on a handful of volunteers.
1:34 I remember back in 2007 some people used their PowerMacs as Tor nodes. I know because back then, Tor had a very nice GUI made in Qt4 called Vidalia and with it you could check the identity of each node as reported by uname -a, unless they were Windows then it showed something else. It's a shame Tor toils with gimping Firefox these days rather than support Vidalia. It's been almost 10 years since they dropped it.
Informative and important coverage! I hope the dissidents in surveillance states that rely on this don't suffer the terrible consequences this brings. Feeding algo...
If half the servers belong to the US or Russia, then aren't you safer in the third world? Unless they are collaborating with your local dictator, which does happen a lot. But if you're in a random other country or aligned with their interests then their servers may actually protect you from your own government's attempt
@@muscularclassrepresentativ5663oh yeah, no, there was a story where people would use this tor/o ion gist to help with getting aid and voices heard. Great for USA as its a intelligence spy aid into country affairs. I think it was russia to, who uses it to surf our american clear web, or it was a middle eastern place, i forget.
now that's an intersting idea. we could sell raspberry pies in enclosures togheter with a manual on how to conect the tor network. this is something that even i would buy depending on the price
@@synthesoul I figured glow joggers may do that, to be safe there is documentation you should have and should live a squeaky clean lifestyle. Beyond documentation, you want CCTV in house, hidden. You also want to comply when they come, let them check your shit and hand copy of documentation that states you run an exit node and have no responsibility in what comes out but they are free to look I know you can run a tor site off a rasp pi, think you can make one a cheap dedicated exit node so if they confiscate it they are taking a $30-$100 pi rather than a multi hundred to multi thousand computer that you use for work and school Hopefully mental outlaw makes a video covering all this
@@folkishappalachian6827 Using a VPS is always an option. I would never use tangible bits to run anything related to tor. I used to run tor on my physical devices, but even that is unsafe these days as big data gets fatter. Find a trusted VPS, or make your own. Got trusted partners or friends across the country or globe? There's your freedom.
@@folkishappalachian6827 dude I don't know what country you live in, but when cops bust peoples homes in the UK looking for computer crimes they take everything. Not just your raspberry pi, they'll take your kids computers and anyone else's computers in the house. And in my country saying I have no responsibility for what comes out of the exit node won't hold water either, in my country .. you signed the contract with the ISP and you're responsible for what happens across that link regardless of who uses it. That's why a bunch of local people who setup wifi because we didn't have fibre setup a company because nobody wanted to take the responsibility for who does what on the internet.
I know this attack has been talked about for years, but it’s funny that I just mentioned it to a fed contractor while drinking recently. They didn’t verbally confirm it, but the look back told me everything I needed to know nonverbally. Edit: although our conversation was about also owning exit relays and having insiders at VPNs.
This is why I tell people who swear a VPN protects them that they haven't solved anything about protecting their privacy, they just moved their point of trust from their ISP to the VPN provider (and even then only partially). They still don't know what is being collected or who its shared with.
As a new user of tor, I find it an interesting conversation. The reason I started using tor via Tails is that, as an activist, I was being subject to censorship and harassment when working in the clear, but this activity has ceased since using tor. Like it or not, tor has its uses.
@@untermench3502😭noooooo I thought it was gonna be real like u were in some peon middle eastern country or something. I would be curious what targeting you've been subject to for defending the constitution, or if the tin foil hat has been protecting you from the government brainwave hacking.
The truly anonymous Dark Web is probably a Tor fork that just their users know about, you can't de-anonymize someone if you don't know that he's currently anonymous
The theory behind networking is that with powerfull enough subnet scanners and webcrawling software ANYTHING can be detected . Nothing on the internet is truly obscurable, only securable and even security isnt a 100% guarantee. I tell my clients this all the time. Its just about funding and intellect.
@@wantrafinancial The idea wasn't not being detected, but rather be detected and be ignored. "Hide in plain sight" if you will. Basically, my point with a "Tor fork" is that, currently, Tor provides a way to detect if it's beign used on the serverside (to clarify, I mean that hosters such as cloudflare can block Tor browser and, at least cloudflare, currently provides an option for that to its clients). IMO that's like trying to be anonymous in public by wearing a balaclava, you will be anonymous but will also stand out in a way that can trigger some alarms to get somebody keeping an eye on you. Then the fork comes in by removing the identification part, like trying to stay anonymous in public by looking similar to all the people around. Then by "just their users know about" I was trying to refer to a small userbase, like small enough to not be worth spending resources on to spy if you don't have anything on them. I.e: anonymous because nobody noticed you exist, or are beign ignored. BTW, in case it wasn't clear, I do agree with you. Is just that my aproach wasn't aiming to be 100% secure, just to make the attacker need to waste way more resources than what's worth. And I do know this isn't scalable, because of its nature.
@wantrafinancial ive met people who could sit there and waste time decoding. Theres the 1st type of game programming, i think its called abyss, but very hard to learn now a days and even harder to read, yet, my old friend decoded it and recoded it. He knew more then 1 type of program for software and wpuld use them properly. Python for simple AI tasks, any games preset programming which could be CC+ i think (?) Never told me, just a gander based on how he expressed it all. I know some darkweb sites are probably connected to those fakeouts hence, you join fight club by fighting, not talking. Id never go on darkweb, even discord has my where abouts 😢
Thanks for posting this, I’m writing a book on online privacy and I’m definitely gonna tell people about the relay issue and tell them to make their own relay to help. Such informative content man god bless
> online privacy That's a thing similar to a result of division by zero. Doesn't exist. You'd need to send from a literal blackhole to have any expectation of not being traced back, if only someone powerful enough insists.
@@uekvowzkaebbzuvrgipqxhemmwbhe Aah, the classical. It's not about supporting CP, it's about protecting people's rights, or would you say that govt should micro-manage what people eat because some individuals for some reason want to eat junk-food and shit? What's that? They shouldn't? Are you supporting people destroying their own digestive system? Fuck me, if you think fighting something that's evil is worth throwing out the window any semblance of freedom and dignity humanity once had because it's "too hard" to do it otherwise, I'd argue you're insane, like the rest of the collectivist scum.
@@uekvowzkaebbzuvrgipqxhemmwbhe Not sure if you realize this but some people live in countries with media censorship. That's the primary reason I support the existence of the Tor network - information freedom. If all Tor was used for was illegal creep shit no one would ever publicly support the network considering the majority of its users and supporters are not in fact creeps; most are people concerned about their privacy, whether because it's dangerous to seek media that isn't state-controlled in their country, or because they don't want the government to know everything they do. Over time I've come to realize that ultimately there's no way to prevent the government monitoring anymore, especially in surveillance states like the US. Tor's most important usage now is to provide people with resources they can't access from the 'clear' (censored) web in their country, including news, historical resources, and banned media of all kinds that's illegal not because it's immoral but because the government doesn't want people to know about it. Tiananmen square massacre is an example of this - you can't find resources about it and you can't talk about it on social media behind the great firewall.
3 ปีที่แล้ว +59
I started watching you about a week ago, i’m not disappointed
@@LeFatalpotato it is probably a botted channel that was then sold and now youtube will hopefully terminate it soon before he becomes a terrible commentary youtuber
I proposed this method of attack about 10 years back. After the Berkely hack that did something similar, this was supposed to be stopped. Tor was to reject relays that kept going to similar excess of nodes.
You advised people to run TOR exit relays, but never warned them or the dangers of it outside of US. You could have atleast given the bare minimum warning to not run TOR relays on their home network
i have not gotten into using tor or any anonymous internet services, but a friend of mine is and told me about this possibility a few weeks ago. quite interesting.
shocked, I'm just shocked... who woulda thought that the only reasonable attack to deanonymize users is being (has been being) executed for years! SHOCKED... flabbergasted, BAFFLING, this is... seriously though thanks for the video and for bringing attention to this issue
@I ain't no millionaires son! It was God who drowned all of humanity, unleashed plagues, killed the 1st born of families, turned people into salt, etc, etc.
@@emperorhadrian6011 Can you please explain how? If the only thing that the ISP should see is that I'm using a VPN, and unlike the glowies they can't pay the VPN service a visit, how would they know?
Good lesson on tor relays, didn't know the thing worked and at end of the day (and the end of the relay exit node) the data is uncripted. And KAX17 is definitely a government agency. If it's a private, they are under government contract which is what I'd do.
I do run a relay, in fact I reckon it's one of the fastest relays on the network what with 1gbps fiber up/down. However I wouldn't run an exit relay, it's too much hassle what with getting IP banned from services I may use, having to explain to the police and ISP why my IP is producing suspicious traffic etc.
1 i thought it was baked into the protocol that bad relays would be banned from the tor network. 2. this must be a bug because i doubt that the usual suspects would bake in a back door
How do you identify one which is "bad" ? That's the problem I think. I could run some for years and be considered legit, then someone could tap me on the shoulder and say here's $1m to do this or that for us on your exit nodes. How would you know that my nodes were bad?
some news from the same topic: the government in russia has been started massive campaign to block the tor. The algorithm/techs how exactly they gonna do its unknown (analyzing meta from packets?)
I really, really wish I could understand what this video is talking about beyond the gist that compromised tor= less online anonymity =bad. Would be very grateful to anyone who wants to take the time to explain in layman's terms.
Tor is a law enforcement tool. NSAs xkeyscore program focuses attention on anything encrypted. The underlying human being has 'rights. Anonymous communications of unidentified avatars have no rights whatsoever .
@@Daniel_RO-TM Chrome. And it would take anyone maybe 5 minutes to learn who I am, where I live, etc. etc. from my video descriptions which include websites.
@@SunriseLAW i asked what browser you use because if Tor is law enforcement tool, then there is nothing we can trust and therefor you use Chrome for convenience even if google is invasive. This is what ur trying to say ?
@@Daniel_RO-TM What I am saying is internet is a 2-d proxy world of unidentified and often robotic avatars. The dishes in your sink are real, nothing here is because hardly any of us use the internet for wrongful purposes and none of us are 'important' enuf for anyone to care about... much less notice us which is why the occasional call from 'mom' or whoever is nice.
I think that every user should be client and server. Every user should be an end point. That should be in the code. That would probably make users choose their side
You should really make that video about how to deploy a tor relay on a computer. Don't forget to talk about security risks if any, privacy and legal stuff.
It's worth mentioning that you say that decrypting traffic would require "getting ahold of these 3 relays" is not correct. Even if a malicious actor controls ALL the relays they cannot decrypt the traffic which is end-to-end (E2E) encrypted. Even if it's an exit-node the HTTPS traffic is E2E.
There are videos by Roger Dingledine and Jake Applebaum (of the tor project) talking at CCC covering these topics in much detail. Great info in a user friendly format. For those who want more detail check out those aforementioned videos. If you notice these nodes point it out publicly and to tor project to boot them from the network. 👍
Tor has always been broken and unsecure. But people don't know about and so still sue it , thinking they where 'safe'. Generally anonymity comes with a price, and more secure technologies like freenet protocol have never become too popular, because they are extremely slow.
Remember kids if you putting a project to protect people privacy and right in the web is big no no on the government unless you the media and the feds.
And ontop or it all it only uses say 20% of their network speed unless certain parameters are .eth so it just sits and lurks. Would be amazing because of the boomers that leave their pcs on 24/7 so at night it could run full speed and they wouldn't be the wiser.
No, not as long as governments don't care at all about spending money. They will spend whatever amount they need to to get access. To outnumber the cops, they'd need to pay relay hosts immense amounts of money to get everyone onboard so they can outnumber government servers. At which point you'd essentially be paying the government to spy on us as well, for free.. so it kinda doesn't work.
@@vgaportauthority9932 Hang on. If the network incentivized more relay hosts, this wouldn't necessarily decrease the cost of spying. Let's say that LE attempted a similar tactic, hosting a collection of entry and exit nodes. Their concentration of servers would be reflected in the value of the currency, thus making it virtually worthless. Value would depend on network competency, and ideal host vs. LE host ratios, i.e. whether the network protects the anonymity of its users optimally. Wouldn't it be even better to have a visual component to the state of a network in the form of currency?
@@zasterheffor how does tor recognises that multiple relays have the same owner? That's the real problem with any relay-based network protocol. Even if it was so easy to fingerprint tor relays do we really think this would stop the making of these relays?
But Microsoft apple and Google have all signed up to share your data upon request by any government agency (signed into effect in 2012). No warrant needed.
Don’t use tor, nor do I care. But what kills me is that back when it had first became something (like around 2005 or thereabouts), it really sucked to play around with because of how slow it was. This was due to there only being some 10,000ish devices out there relaying traffic around. You’re trying to say that today (some 16+ years later) it’s still the same?!? I’d have thought that there’d be literally millions of nodes, relays, or whatever makes it up by now... Weird...
when i tried to play with it, it asked me if i want to run a relay since it'll make it faster for everyone. but it also said that there are risks involved with that. as i didn't need any troubles, just didnt use tor (too slow, and running a relay is too risky)
There's another group that might do this, and they're not a government. It's the Record Industry and Film/TV Producers and Distributors - the people that make money off the Artists by selling the artists works. And, as these are all commercial entities, they're not limited by national boundaries, so can set up relays anywhere they want.
Somebody should make some kinda of service where you pay X amount per month and they host and maintain a relay for you. Im sure some people out there would be willing to finacially support the Tor Network given its resonability priced but dont want to go through the hassle of setting one up
"Somebody should make some kinda [of] service where you pay X amount per month and they host the legal liabilities of anything and everything that comes out of that hosting." Fixed that for you, sir ;-)
@@liamholcroft7212 there are a lot of websites that cover this better than I can, but basicly persian rugs were banned in the US multiple times by US sanctions.
@@muchotexto4248 dude, have you seen how much US has difficulties extraditing Assange to US from UK? And that's UK, not Switzerland. If countries start cooperating to catch you, I think you have bigger problems.
How foolish to assume it's only one entity or just a couple doing the tracking. We can pretty much be guaranteed that multiple agencies within the US gov alone are compromising tor, and it would be stupid of any other country to not do the same. Good guys, bad guys, and even corporations like Google, Amazon, and Apple would be doing it as well. The only question is who isn't compromising it.
I dont think its a law enforcement/police agency. You kinda need to produce evidence of how you secured the evidence you produce in court if you are going to trial. That is why i dont think its the DEA, IRS, FBI or the ATF. My guess is on the CIA or the NSA(the latter most likely), as the NSA is exempt from all of this, and does its operations internationally. I think this isnt drug related, but leak-plugging and espionage related.
Just so happens that i just got a Gigabit (1000/1000) internet connection with a public IP and all ports accessible. Might as well contribute. Idk if my ISP will be happy though (they really don't like torrent(nothing a VPN can't solve, but still). I guess will find out soon. I've already am running bridges on most of my VPSes.
i know a guy who does pen testing for agencies in DC and he says he finds quite a bit of CP on government computers and rarely do the employees get charged with crimes, usually just shuffled around departments
I will try to figure out how to set up my own node to help out. Many more smaller participants is always better than a few big players. That applies to everything in life!
There is heavy reason to suspect government play (really international efforts though if I'm remembering correctly I think it's the swedes that had taken over a ton of accounts from silk roads takedown) and these governments are still potentially the ones running the servers and also several accounts and potentially even marketplaces themselves if you want to get super conspiratorial, as that was a suggested tactic already. Barely sociable has some great videos with research an info on this subject that I'd recommend. Definitely worth your time
Interested in the Tor Relay tutorial! I've got an old laptop sitting around with a totally shot battery. Could be worth running a Tor Relay on that! Or anything, relay, just something to get a bit more use out of it.
Main requirement is public IP address. If you have it, then just try. But I advice running non-exit relay, that way your will get less bans for your IP address from different services.
Govt: We need truly anonymous internet for our illegal drug and arms trades. Govt: Release Tor People: Awesome! We can use Tor to buy illegal things anonymously online! Thx Govt! Govt: We need to end Tor
This isn't just glowing this is radiating
They produce light on their own or they are a black body?
Fukushima and tchernobyl are nothing next to all this irradiation.
@@GasGiantMoon Is the sun enough radiation?
So there’s free nuclear energy in Washington
@@hugoflores5806 You forgot to talk about UV rays.
I dont want the argument of "stopping crime or drugs" to justify taking away privacy. Something I believe should just be a basic human right.
It's not a war on drugs the wars on personal freedom. let's keep that in mind at all times - Bill H.
Stopping Covid though…
I agree. Its not like your ever destroying the drug market anyways. To much demand
Like taking drugs, basic human right
The government is gonna do everything they can in the coming decade to eliminate privacy
I would not recommend anyone run an exit relay unless they really know what the risk are. Middle and Guard are still very much appreciated.
What are the risks of running an exit relay?
@@VeeTHis A knock on your door
@@BluecoreG OH SHIT
then who can run exit node?
@@PenguinCrayon269 people in countries where the government does not care
As a Network Engineer, I have been raising this as a red flag for YEARS. Nobody believed me many years ago.
the name ron paul help me secure my network i know its leaking !
Honestly, you should just never assume anything is water-tight... and I don't think anyone ever said it was impossible to exploit Tor, just that it was difficult. The time had to come eventually and this is likely us only finding out about it just now.
Snowdon in Novemeber 2021, stated....
VPN are useless for protection against Government access, and so is encrptyion. As the Governments have so many back doors to your OS, Windows, Mac, Iphone, Android, they can see if you can see. They also can access your smartphone instantly if they have your IMEU number.
VPN and encryption only helps to stop basic hackers.
Also Snowdon stated you should do muliple VPNs ie VPN a VPN, to stop hackers, but it still won't stop government access.
Also VPN servers could be leaking or hacked by governments.
Have you noticed how they're trying to kinda pretend the last 20years of tech didn't happen.
Like phone privacy is a new thing, hell they even had reports on the new danger..facial recognition only last year. Funny that the USA have been keeping that quiet but the UK government was totally open about it. Sorry USA cats out and has grandkittens 😬😂
If a nation state can create a temporary 33% chance they get your traffic and identify you, it really pokes holes in the logic of even bothering with Tor.
Tor was always super dumb in my eyes. It just seemed like what's happening here was guaranteed to happen. For a while I actually just assumed the Tor browser itself was made by the CIA or other agency. It would be a perfect way to just get everyone's data for free.
Give up on Tor, it's dumb. Alwas was.
That's the point
The issue is that trust is required for security. How do you know who to trust? Is it better to trust the government and/or private companies, or random people hosting servers, servers that happen to pipe all your internet traffic......Honestly you are already trusting the government and private companies anyways, then laying on top of it trust of random people....how is that more secure?
We (here in Russia) just hope it doesn't belong to Russian Government.
It is possible to reconfigure Tor to use 10+ hops instead of the default 3, paying for reduced deanonymization risk with yet more network latency.
This attack seems to be an anomaly because of how big it is. And how expensive it is. The relays have to actually deliver enough bandwidth to satisfy demand, otherwise they won't be used for making connections. Tor was started in 2002, where this was unthinkable. Maybe we're now at a point where commercial hosting is cheap enough to make such attacks viable, and that the devs need to find a way to counter that.
One possible counter is to add at least one node with increased trust - stable nodes added before 2015, nodes operated outside of the US by a known privacy organization, etc. I'm sure the Tor devs have already come up with ideas.
Even if US anonymity is compromised (which sucks), there are users who don't care about the US and are instead dodging some lesser threat. There's also a bunch that just shovels torrent traffic through Tor.
Ah yes, the U.S. government, “We can do shady shit, but you can’t be anonymous on the internet.”
@bodd boward Does Australia count?
To be a government you first need to be elected.
@@lukesutton4135 not true in many cases. You can buy, bribe, kill, assassinate, blackmail, lie, cheat, steal votes/elections, pull strings in media, be friends with the right people, be a willing puppet by someone bigger, etc. I could go on and on but no there's many ways to be part of a government or part of a world problem, most of them not legal and certainly not always voted or caused by the people.
“we get to have secrets, not you.”
@gu4t4f4c not as bad as government, international, and world corruption at a fundamental level with no way to root it out or fight back against it (with not enough money or power to do so legally) and the only anonymity is reserved for those corrupt governments and organizations.
PSA: Don't host a relay if you've got a static IP. It will get flagged as a part of the Tor network and you will find yourself not being able to access some clearnet sites that auto-ban Tor associated IPs upon connection.
It won't if you configure it not to function as an exit node
If you're wealthy enough to decide who you do business with, it's better not to do business with any sites that auto-ban Tor associated IPs anyway
the best option is to create VPN tunnel, and use the VPN's ip address instead. Which will disguise your actual 1.
discrimination
I've never heard of a website doing that before... Can anyone provide some examples?
Raspberry Pis would be a Great idea for relays. Not that expensive, low energy consumption, don’t take up much space so they can just kinda sit around your router.
Why would you do that when you could just get a bunch of secondhand desktops and run proxmox on them?
@@skywz $3 xenons go brrrrrr
@@skywz a desktop is quite overkill for this...the Pi has almost an order of magnitude less power consumption, so especially when scaling, the power cost would start to become a significant factor.
@@skywz sounds like someone doesnt know how to have any efficiency in peer to peer networks
@@gackhuhn4868 And that is if the pi is under a heavy load, they usually draw less.
It's important that the effectiveness of Tor be highlighted and stated as often as possible. The moment the public sees that there may be a vacuum for 'insert privacy tech', a thousand new but bullshit solutions fill this perceived void. Tor is excellent and should be kept and expanded. It is the most useful international tool against surveillance and for the exercise of fundamental civil liberties we have.
You say "perceived void" as if these voids aren't real. You literally can't make a 100% open source device work with cell networks anymore, "privacy tech" is pretty much nothing but a void.
fundamental civil liberties of doing what?...
@@bentos117 in this context mainly the 4th amendment which gives you the liberty to stop unreasonable searches seizures etc from being done to you
And also the 1st amendment which gives you the liberty to engage in free speech and political communication
In other countries they might not be called amendments but the fundamentals of human rights are fundamental to human nature everywhere
@@HolbrookStark is Tor needed for any of that?
@@bentos117 in the context of the internet, obviously yes? What kind of question is that
One year, suddenly the whole network expanded by 50% at the same time and place, and those computers were all in one particular place. Almost as though there was effort to control all of a particular kind of node through that place. Hmmm..
My understanding is that Tor doesn’t scale very well when the ratio of relays to users is too high because there’s less traffic mixing and more simple packet forwarding.
Correct
For proper anonymity, nobody should be able to differentiate between someone using TOR for legitimate purposes and those who aren't
Tor relay serves thousands of connections. So it is safe to make 2x relay count. Maybe even 10x. 100x will be a problem most likely. But it will not happen anytime soon.
@@sdjhgfkshfswdfhskljh3360
As long as you use a trusted guard node you can still have anonymity, but there's no way to defend against pattern matching if someone (law enforcement) was interested enough to put in the work
By correlating packets that you send with ones being received at the exit node, they can still unmask you
@@dustinjames1268 Wouldn't doing that be like a giant fishing expedition though? It almost feels like a ton of work to fish for cybercriminals when (assumingly) most of the connections you're sifting through have nothing incriminating or at least interesting.
@@fastestdino2
Basically they won't put in the effort to pattern match your traffic unless they have good reason
Say they suspect you of running or accessing a CP onionsite, they will try.
These glowies can glow brighter than a whole electric arc.
Bright light at night isn't good for our chronobiology 😎
I know, right.
@@N.S.A. I was busy fixing an electrical cabinet then one of your Buds came closer that the blinding light put my life in danger. Idk what pills you're taking guys but it's getting problematic.
Reminder to hit glowies niggies with a car as the Lord intended.
@@ccriztoff One word : TempleOs.
He is infamous for his stream shouts too.
Looks like Tor needs a update.
I've given thought to some kind of TLS relay protocol. The server looks like just another TLS protocol server until it hears a relay request. Then it arranges a TLS connection and negotiation between the client and the next server in the chain, never sure if the next server is another relay, or just an ordinary TLS server.
@@hanelyp1 you should take a look at bridges and the obfs family of protocols, especially the latest interation. A bridge with obfs is basically a private guard relay, only used by those who know it exists. Later obfs protocols are actually actively trying to prevent probing, by requiring the user to know a secret key, in order to even detect it as a bridge. I'm sadly not very familiar on how exactly this is achieved though.
There isn't a technical solution, just like there is no political one. The people behind this want us dead, so they need to be removed.
@@lord_khufu what kind of order is that
@@nullsphix8382 my 5th grade english teacher's order
the problem with being a relay are the legal implications if somebody abuses it, germany is not very nice to people that work for an open Internet
Wow, Germany cracks down on individual rights and privacy? Who would’ve thought
@@IanBLacy ikr. just a few weeks ago, they sentenced a 70-something years old woman for filesharing.
she doesn't even own a computer, wifi was set up by the phone company just to get a higher price on her package
ah, the older woman must've never changed her wifi password (if any at all), if ot was set up for her just to jack up the price.
Who could have guessed that a massive and pubicly well known way around surveillance would targeted by powerful groups
These wojaks in the thumbnails are getting better and better
I agree.
AAAAAAAAAH
A toast to our fallen /qa/ brothers, their legacy will live on in the thousands of soi edits made in the last two years
0:08 -Appreciate how he edited the images in the video in the rhythm of his voice. AMAZING 😍.
Autotune just got mogged
I also noticed that, a funny upgrade
yeah
lol its not that impressive, just add images wherever he says a word
and it's not a "rhythm", it's literally just talking
@@2fifty533 first of all, it is rythm. Second, we are just appreciating that slight editing touch he made, a nice detail
Props for putting Glowies in your thumbnails so often. RIP Terry Davis
real props goes to whoever drew it, those neets are doing Gods work.
@@MentalOutlaw
Damn straight.
@@emperorhadrian6011 Based Emperor. But you let some escape!
@@SchemingGoldberg
Shame on me. finish the job I couldn't, fren.
@@emperorhadrian6011 Sir yes sir!
Question about relays: Setting up a relay should be fine, but from my cursory understanding of Tor, running an exit node would probably result in some sus traffic through my network. Is there any way to pipe the exit connection through a VPN or something to protect me before it hits the web, or should I just not run an exit node?
Unless the vpn is owned by you it kinda defeats the purpose of tor. You'd be centralizing your traffic to the vpn crevice.
Untrue. Nobody cares if you run tor exit node.
If you are even asking these questions, you are unequipped to run an exit node.
There’s nothing more insufferable than a TORelitist
@@index7787 That's kind of why I'm asking the question.
We should make a crowd funding so one who already hosts can host more servers. The best would be to host in cheap countries and thousands of them
You can already donate to organizations that host servers
Why not make a Monero like crypto where nodes and miners exist and all miners are also nodes
Glowies glowified the protocol made by the glowies. Fluorescent move
How illuminating
enLightening
Spun up an exit, a bridge and a relay/guard, just to spite the glowies
Thank you.
@@N.S.A. hol up
Make sure that your ISP allow exit nodes. Otherwise they may just ban you. I am not kidding. It happened to me.
@@quidquopro1185 don't worry. I'm using a vps and the hosting provider is fine with it. I am going to host a relay and a bridge from my home internet once i get the chance
@@spinningjenny1629 ok sweet! Yeah i were just worried because I got my mom and dads network banned for 1 month just for running an exit node a few years ago. They were NOT happy...
Huh, I thought this was a "open secret". It's reasonable to assume that Tor has been compromised in one way or another since forever.
What gave you that idea in the first place? Genuine question here, not sarcastic nor rhetorical.
@@5555Jacker Remember reading about theories that the FBI were hosting exit nodes back in the silk road haydays. Nothing concrete, but entirely plausible theories if you ask me. Haven't revisited the subject since. Might've been debunked with today's knowledge for all I know.
@@BromTeque Probably they were, but exit nodes alone shouldn't be enough to deanonymize somebody AFAIK. Could definitely be used for MitM attacks like SSL stripping, though. If I'm correct, Silk Road actually got brought down due to terrible opsec, rather than a weakness in Tor.
in almost every case where someone or a service was discovered on Tor it was bad Opsec and greed. however there are other but rarer examples and it requires a lot of resources (aka your tax dollars) to do this sort of thing, and it isn't even sure fired way.
@@5555Jacker you can't know what really brought it down.
The issue with CI or FBI using tor and setting up servers, is that when you look into the abyss, the abyss looks back at you.
I don't think that means anything
they have way more funding and resources than literally everyone. cant fight back lol
@@swagmoneybuge Not with that attitude.
what is that dumb shit 😂
That abyss is real my friends, be safe out there!
I am very grateful to the NSA that because of their servers Tor is so fast when I want to buy weed.
I am very grateful to live in a country where weed is legal and I don’t need to bother with dark web bullshit
U got telegram or sumn. Or link to a tutorial to how to buy it online
@@sj-bg4up Nice try, fed boy.
@@LaPapaMollido original
@@LaPapaMollido he just said weed is legal where he’s at so why would a fed care
I suppose this is one of the big issues with moving tor to a totally decentralized model, because then there is no authority to kick this sort of attack off the network. And governments have the resources to run far, far more relays than currently exist. Perhaps the only solution would be to make it so absolutely every tor user is also a relay (which still wouldn't be perfect, but a few million relay nodes in the middle would make it far less likely to hit three hostile nodes). Of course then comes the issue that many users will have very poor internet connections, as well as the potential issue with dynamic IPs.
at first i thought that was actually the case, that every tor user is a relay, was pretty surprised when i found out it wasnt
@Guy Dude they should make it so if your internet connection and computer specs can handle it you are forced to be a relay
then you got me 1mbps on a 90s machine here
You described i2p
this is literally I2P
Please do the Tor relay video. I think it would be a good help for those that don't use Tor, bunt understand the importance of an anonymous network.
Don't just run TOR relays on your home connection. Even if it's not an exit, some services will flag or outright block you. Online shopping and online banking are just two areas that can be heavily impacted.
Source? I have never heard of getting flagged or blocked by being tor exit node.
@@hitler69 I’ve seen it mentioned in the comments previously (and have also noticed in threat feeds used by Umbrella, Firepower, etc) but I think companies can semi-easily block tor via URL / IP threat feeds. Not 100% sure but I believe Cisco firepower’s security intelligence for example allows you to whitelist, monitor, or block tor nodes.
Running a middle node is fine. It would only help the issue. Fed
I only had one problem running a guard node - some copy protection scheme for streaming video that flagged every node. That was years ago.
Thank you for teaching people how to be more safe against dangerous malicious servers, AKA the government
It's a good thing you told us to double-check that everything could be done up and up because it turns out my ISP is Verizon and they will block the TOR traffic.
I span up a tor relay and now I've also won a free trip to Guantanamo Bay! They say it's a beautiful beach resort in Cuba. Thanks Kenny!
much respect for the high quality fresh news videos, love from Southern Kurdistan
I wonder who it could possibly be?
The Tor network needs to be turned into some kind of blockchain environment where you get rewarded for hosting a relay and mining is the act of relaying data.
Kind of like a virtual version of the Helium network.
If we could do that, the amount of nodes would explode. The informational sovereignty of the entire planet can't rest on a handful of volunteers.
It's Santa Claus updating his naughty list.
1:34 I remember back in 2007 some people used their PowerMacs as Tor nodes. I know because back then, Tor had a very nice GUI made in Qt4 called Vidalia and with it you could check the identity of each node as reported by uname -a, unless they were Windows then it showed something else. It's a shame Tor toils with gimping Firefox these days rather than support Vidalia. It's been almost 10 years since they dropped it.
Informative and important coverage! I hope the dissidents in surveillance states that rely on this don't suffer the terrible consequences this brings.
Feeding algo...
If half the servers belong to the US or Russia, then aren't you safer in the third world? Unless they are collaborating with your local dictator, which does happen a lot. But if you're in a random other country or aligned with their interests then their servers may actually protect you from your own government's attempt
@@muscularclassrepresentativ5663oh yeah, no, there was a story where people would use this tor/o ion gist to help with getting aid and voices heard. Great for USA as its a intelligence spy aid into country affairs.
I think it was russia to, who uses it to surf our american clear web, or it was a middle eastern place, i forget.
Or nk.. i think nk, how rlse we know the sll great kim joung ung is nit so great? We dont send shit there, chuna might also start using it
If boomers fell for the freedom phone surely they would fall for buying tor relay freedom boxes
Boxes decked out in RGB T glowing lights.
now that's an intersting idea. we could sell raspberry pies in enclosures togheter with a manual on how to conect the tor network. this is something that even i would buy depending on the price
@@l0k048 20-30 bucks a pop. Boomers buy relays, but pissed their speed slows
maybe bundle it with a mini-fridge for beers/energy drinks similar to the kfc game console
This is a brilliant idea.
Careful with running exit relays, someone looks up CP through your exit relay and you'll get swatted
Usually alphabetti sting ops pin exit relay engineers with cp
@@synthesoul I figured glow joggers may do that, to be safe there is documentation you should have and should live a squeaky clean lifestyle.
Beyond documentation, you want CCTV in house, hidden. You also want to comply when they come, let them check your shit and hand copy of documentation that states you run an exit node and have no responsibility in what comes out but they are free to look
I know you can run a tor site off a rasp pi, think you can make one a cheap dedicated exit node so if they confiscate it they are taking a $30-$100 pi rather than a multi hundred to multi thousand computer that you use for work and school
Hopefully mental outlaw makes a video covering all this
@@folkishappalachian6827 they probably would confiscate more than just the rasberry-pi if they are suspicious of you running a terroris or cp group
@@folkishappalachian6827 Using a VPS is always an option. I would never use tangible bits to run anything related to tor. I used to run tor on my physical devices, but even that is unsafe these days as big data gets fatter.
Find a trusted VPS, or make your own. Got trusted partners or friends across the country or globe? There's your freedom.
@@folkishappalachian6827 dude I don't know what country you live in, but when cops bust peoples homes in the UK looking for computer crimes they take everything. Not just your raspberry pi, they'll take your kids computers and anyone else's computers in the house. And in my country saying I have no responsibility for what comes out of the exit node won't hold water either, in my country .. you signed the contract with the ISP and you're responsible for what happens across that link regardless of who uses it. That's why a bunch of local people who setup wifi because we didn't have fibre setup a company because nobody wanted to take the responsibility for who does what on the internet.
I know this attack has been talked about for years, but it’s funny that I just mentioned it to a fed contractor while drinking recently.
They didn’t verbally confirm it, but the look back told me everything I needed to know nonverbally.
Edit: although our conversation was about also owning exit relays and having insiders at VPNs.
Woah
"I can neither confirm nor deny, but man I feel ya."
This is why I tell people who swear a VPN protects them that they haven't solved anything about protecting their privacy, they just moved their point of trust from their ISP to the VPN provider (and even then only partially). They still don't know what is being collected or who its shared with.
@@TheFinagle You never can as this hack shows. Might as well pick a good VPN provider since it's better than nothing.
@@TheFinagle Tbh, i think most people use VPNs just so they can watch region-locked content.
As a new user of tor, I find it an interesting conversation. The reason I started using tor via Tails is that, as an activist, I was being subject to censorship and harassment when working in the clear, but this activity has ceased since using tor. Like it or not, tor has its uses.
what cause do you fight for? of course if you don’t wanna mention it i understand
@@xenonbreakout I fight for the Constitution of the United States.
@@untermench3502 i think you can stop now, it got ratified like 235 years ago
@@untermench3502😭noooooo I thought it was gonna be real like u were in some peon middle eastern country or something. I would be curious what targeting you've been subject to for defending the constitution, or if the tin foil hat has been protecting you from the government brainwave hacking.
@@untermench3502 lmfao so in clearer terms you're a far-right wannabe fascist. gotcha.
The truly anonymous Dark Web is probably a Tor fork that just their users know about, you can't de-anonymize someone if you don't know that he's currently anonymous
this
The theory behind networking is that with powerfull enough subnet scanners and webcrawling software ANYTHING can be detected . Nothing on the internet is truly obscurable, only securable and even security isnt a 100% guarantee. I tell my clients this all the time. Its just about funding and intellect.
@@wantrafinancial The idea wasn't not being detected, but rather be detected and be ignored. "Hide in plain sight" if you will.
Basically, my point with a "Tor fork" is that, currently, Tor provides a way to detect if it's beign used on the serverside (to clarify, I mean that hosters such as cloudflare can block Tor browser and, at least cloudflare, currently provides an option for that to its clients). IMO that's like trying to be anonymous in public by wearing a balaclava, you will be anonymous but will also stand out in a way that can trigger some alarms to get somebody keeping an eye on you. Then the fork comes in by removing the identification part, like trying to stay anonymous in public by looking similar to all the people around.
Then by "just their users know about" I was trying to refer to a small userbase, like small enough to not be worth spending resources on to spy if you don't have anything on them. I.e: anonymous because nobody noticed you exist, or are beign ignored.
BTW, in case it wasn't clear, I do agree with you. Is just that my aproach wasn't aiming to be 100% secure, just to make the attacker need to waste way more resources than what's worth. And I do know this isn't scalable, because of its nature.
@lyamschuss8786 dont talk about fightclub, just fight to join fight club.
@wantrafinancial ive met people who could sit there and waste time decoding. Theres the 1st type of game programming, i think its called abyss, but very hard to learn now a days and even harder to read, yet, my old friend decoded it and recoded it. He knew more then 1 type of program for software and wpuld use them properly. Python for simple AI tasks, any games preset programming which could be CC+ i think (?) Never told me, just a gander based on how he expressed it all.
I know some darkweb sites are probably connected to those fakeouts hence, you join fight club by fighting, not talking.
Id never go on darkweb, even discord has my where abouts 😢
LOVE the operating system caricaturisations, totally appropriate. Now do the same for distributions :)
Thanks for posting this, I’m writing a book on online privacy and I’m definitely gonna tell people about the relay issue and tell them to make their own relay to help. Such informative content man god bless
> online privacy
That's a thing similar to a result of division by zero. Doesn't exist. You'd need to send from a literal blackhole to have any expectation of not being traced back, if only someone powerful enough insists.
@@TheLukasz032 lmao facts, it’s more centred around anonymity but there is a focus on keeping your data as secure as possible
Why would I want to help pedophiles to watch CP? Do you support the abuse of children?
@@uekvowzkaebbzuvrgipqxhemmwbhe Aah, the classical. It's not about supporting CP, it's about protecting people's rights, or would you say that govt should micro-manage what people eat because some individuals for some reason want to eat junk-food and shit? What's that? They shouldn't? Are you supporting people destroying their own digestive system?
Fuck me, if you think fighting something that's evil is worth throwing out the window any semblance of freedom and dignity humanity once had because it's "too hard" to do it otherwise, I'd argue you're insane, like the rest of the collectivist scum.
@@uekvowzkaebbzuvrgipqxhemmwbhe Not sure if you realize this but some people live in countries with media censorship. That's the primary reason I support the existence of the Tor network - information freedom. If all Tor was used for was illegal creep shit no one would ever publicly support the network considering the majority of its users and supporters are not in fact creeps; most are people concerned about their privacy, whether because it's dangerous to seek media that isn't state-controlled in their country, or because they don't want the government to know everything they do. Over time I've come to realize that ultimately there's no way to prevent the government monitoring anymore, especially in surveillance states like the US. Tor's most important usage now is to provide people with resources they can't access from the 'clear' (censored) web in their country, including news, historical resources, and banned media of all kinds that's illegal not because it's immoral but because the government doesn't want people to know about it. Tiananmen square massacre is an example of this - you can't find resources about it and you can't talk about it on social media behind the great firewall.
I started watching you about a week ago, i’m not disappointed
Need to ketchup with his steak videos!
@@LeFatalpotato OP is a bot
@@notpreacher1564 lol. Didn't expect a 170k channel to be a bot. The feds have infiltrated here too I guess.
@@LeFatalpotato it is probably a botted channel that was then sold and now youtube will hopefully terminate it soon before he becomes a terrible commentary youtuber
Nice sub bot tho
I proposed this method of attack about 10 years back. After the Berkely hack that did something similar, this was supposed to be stopped. Tor was to reject relays that kept going to similar excess of nodes.
You advised people to run TOR exit relays, but never warned them or the dangers of it outside of US. You could have atleast given the bare minimum warning to not run TOR relays on their home network
The glowies giveth, the glowies taketh away
mostly taketh away
i have not gotten into using tor or any anonymous internet services, but a friend of mine is and told me about this possibility a few weeks ago. quite interesting.
CMU has been known to use this technique to deanonymize users. They have a few papers written on the subject and an absurd amount of funding
well my question is... what are you all buying and viewing on the dark web that makes you want to remain anonymous?
@@creatorzp None of your business
@@creatorzpMods for games nothing more
@@creatorzp "smoothbrained4channer" accurate username
shocked, I'm just shocked... who woulda thought that the only reasonable attack to deanonymize users is being (has been being) executed for years! SHOCKED... flabbergasted, BAFFLING, this is...
seriously though thanks for the video and for bringing attention to this issue
Run a relay from a VPS ! Not terribly difficult AND it's not at your house. Assuming the VPS isn't compromised.
govs doing the same to monero, via ciphertrace
I'm here faster than Bill Gates coming to your house when you crack Windows.
How did you get in bill, my door is locked and you don't have a key!
Loads shotgun "nether do you!"
Who cracks Windows anymore? Just don't register it or get a gray market CD key.
@I ain't no millionaires son! It was God who drowned all of humanity, unleashed plagues, killed the 1st born of families, turned people into salt, etc, etc.
@I ain't no millionaires son! Dude, it's in The Bible. Your god is evil.
@@LePedant Why all this over a joke?
Considering that I use Tor to hide stuff from my ISP and not necessarily from glowies, how much should I worry about this?
You’re chill
As far as I know the most basic free VPN, even if controlled by the glowies is more than enough to do that.
@@supernovaw39
It isn't.
Yeah I just want my ISP to not know what I'm doing or downloading. Is it still good for that?
@@emperorhadrian6011 Can you please explain how? If the only thing that the ISP should see is that I'm using a VPN, and unlike the glowies they can't pay the VPN service a visit, how would they know?
I never felt Tor would anonymize me, since my real first name is Tor.
Good lesson on tor relays, didn't know the thing worked and at end of the day (and the end of the relay exit node) the data is uncripted.
And KAX17 is definitely a government agency. If it's a private, they are under government contract which is what I'd do.
So basically, being a tor relay is just like seeding a torrent...?
it's closer to being a vpn provider than it is to being a torrent seeder
Seeder isn't a good analogy. Everyone on a torrent tracker is sharing their ip address with everyone else.
Yup. Want to monitor traffic and spy on dumb users on the internet who think they're hiding? Set up a Tor relay.
@@gymkhanadog a single relay cannot spy on users' traffic
@@olpporsetty I bet you also think I can't see your VPN traffic if I were the host. ;)
Digging up my old laptop to setup a relay, ISP checked, laws checked. Now i need a spare wire.
glowing in time for christmas
Years ago I heard that tor was no longer safe and that tor was really created by the FBI as the biggest honeypot ever.
I started a Tor relay on my VPS today. I don't have the balls to make it an exit node, but I like to think I'm helping
why not a exit one?
@@jamescollier3 Exit nodes produce fed pheromones
@@sciencoking fed pheromones rofl
I do run a relay, in fact I reckon it's one of the fastest relays on the network what with 1gbps fiber up/down.
However I wouldn't run an exit relay, it's too much hassle what with getting IP banned from services I may use, having to explain to the police and ISP why my IP is producing suspicious traffic etc.
1 i thought it was baked into the protocol that bad relays would be banned from the tor network.
2. this must be a bug because i doubt that the usual suspects would bake in a back door
How do you identify one which is "bad" ? That's the problem I think. I could run some for years and be considered legit, then someone could tap me on the shoulder and say here's $1m to do this or that for us on your exit nodes. How would you know that my nodes were bad?
@@silverismoney i would suspect maybe hashing is used and if the hash does not match then the node is disabled.
would be my guess
some news from the same topic: the government in russia has been started massive campaign to block the tor. The algorithm/techs how exactly they gonna do its unknown (analyzing meta from packets?)
It's already been successfully done in Iran afaik, that's the reason for the existence of obfsproxy bridges, which mask tor traffic as https
the TOR
Mosfet Transistor
LCD Display
mfw when
PIN number
check what an abbreviation stands for before deciding which words to add
I really, really wish I could understand what this video is talking about beyond the gist that compromised tor= less online anonymity =bad. Would be very grateful to anyone who wants to take the time to explain in layman's terms.
Tor is a law enforcement tool. NSAs xkeyscore program focuses attention on anything encrypted. The underlying human being has 'rights. Anonymous communications of unidentified avatars have no rights whatsoever .
what browsers you use?
@@Daniel_RO-TM Chrome. And it would take anyone maybe 5 minutes to learn who I am, where I live, etc. etc. from my video descriptions which include websites.
@@SunriseLAW i asked what browser you use because if Tor is law enforcement tool, then there is nothing we can trust and therefor you use Chrome for convenience even if google is invasive. This is what ur trying to say ?
@@Daniel_RO-TM What I am saying is internet is a 2-d proxy world of unidentified and often robotic avatars. The dishes in your sink are real, nothing here is because hardly any of us use the internet for wrongful purposes and none of us are 'important' enuf for anyone to care about... much less notice us which is why the occasional call from 'mom' or whoever is nice.
@@SunriseLAW i understand but still chrome is a wrong choice as browser, well from my perspective. should not give power to those...
I think that every user should be client and server. Every user should be an end point. That should be in the code.
That would probably make users choose their side
except then not a single person from germany could access tor because their government doesn't allow relays of any kind.
Go on tor, goto a website
*This content is blocked in your country*
Kek
You should really make that video about how to deploy a tor relay on a computer. Don't forget to talk about security risks if any, privacy and legal stuff.
It's worth mentioning that you say that decrypting traffic would require "getting ahold of these 3 relays" is not correct. Even if a malicious actor controls ALL the relays they cannot decrypt the traffic which is end-to-end (E2E) encrypted. Even if it's an exit-node the HTTPS traffic is E2E.
Unless they run an SSL downgrade attack
They don't need to decrypt the traffic. They just need to find your house.
@@destroyer2973 doesn't work in any browser
They just wanna know who you are man
There are videos by Roger Dingledine and Jake Applebaum (of the tor project) talking at CCC covering these topics in much detail. Great info in a user friendly format. For those who want more detail check out those aforementioned videos. If you notice these nodes point it out publicly and to tor project to boot them from the network. 👍
Tor has always been broken and unsecure. But people don't know about and so still sue it , thinking they where 'safe'.
Generally anonymity comes with a price, and more secure technologies like freenet protocol have never become too popular, because they are extremely slow.
blame it on the alphabet boys
hi john
no way it's john
when was the last time you logged on oldfrog (or the other alias which i will not state)
Remember kids if you putting a project to protect people privacy and right in the web is big no no on the government unless you the media and the feds.
or write a virus that doesn't attempt to take over someones computer and ransom it for BTC... but rather just runs a TOR node on it... :-D
nice idea!
That would probably be the final generation of anonimized networks
Great idea for giving people free nightlights.
And ontop or it all it only uses say 20% of their network speed unless certain parameters are .eth so it just sits and lurks. Would be amazing because of the boomers that leave their pcs on 24/7 so at night it could run full speed and they wouldn't be the wiser.
anti-based
Would a decentralized anonymity focused network that rewarded relay hosts in the form of network currency be a solution to this problem?
No, not as long as governments don't care at all about spending money. They will spend whatever amount they need to to get access. To outnumber the cops, they'd need to pay relay hosts immense amounts of money to get everyone onboard so they can outnumber government servers. At which point you'd essentially be paying the government to spy on us as well, for free.. so it kinda doesn't work.
@@vgaportauthority9932 Hang on. If the network incentivized more relay hosts, this wouldn't necessarily decrease the cost of spying. Let's say that LE attempted a similar tactic, hosting a collection of entry and exit nodes. Their concentration of servers would be reflected in the value of the currency, thus making it virtually worthless. Value would depend on network competency, and ideal host vs. LE host ratios, i.e. whether the network protects the anonymity of its users optimally. Wouldn't it be even better to have a visual component to the state of a network in the form of currency?
@@zasterheffor how does tor recognises that multiple relays have the same owner?
That's the real problem with any relay-based network protocol.
Even if it was so easy to fingerprint tor relays do we really think this would stop the making of these relays?
The approach would just be to degrade and smear the network into disuse.
You do have a reasonable expectation of privacy on Tor (a us appeals court ruled). So to use your Tor info in court, police need to get a warrant.
But Microsoft apple and Google have all signed up to share your data upon request by any government agency (signed into effect in 2012). No warrant needed.
@@luminousfractal420 Isn't that data encrypted?
@@UsernameXOXO Matters not. The "Your data will be fed to the feds if you nod to the nodes" is a pretty common agreement on any terms&conditions
@@muchotexto4248 How do the feds break the encryption? Which feds are we talking about?
@@muchotexto4248 Matters not for what? The comment's statement or ones cleartext data?
Make a token that the mining part is be a tor relay, the incentive need to exist.
loki net?
@@damani662 maybe, I don't know.
Don’t use tor, nor do I care. But what kills me is that back when it had first became something (like around 2005 or thereabouts), it really sucked to play around with because of how slow it was. This was due to there only being some 10,000ish devices out there relaying traffic around. You’re trying to say that today (some 16+ years later) it’s still the same?!? I’d have thought that there’d be literally millions of nodes, relays, or whatever makes it up by now... Weird...
The answer is - there is no much incentive to run one ;-)
The ones today are waaaaaay faster
It's not the same. It's gotten faster since then-
when i tried to play with it, it asked me if i want to run a relay since it'll make it faster for everyone. but it also said that there are risks involved with that.
as i didn't need any troubles, just didnt use tor (too slow, and running a relay is too risky)
@@apelsinuke running a relay that's not a exit relay is basically no risk
Three letter agents glow so bright
when the WEF said you'll own nothing they probably also meant you won't own basic human rights
There's another group that might do this, and they're not a government. It's the Record Industry and Film/TV Producers and Distributors - the people that make money off the Artists by selling the artists works. And, as these are all commercial entities, they're not limited by national boundaries, so can set up relays anywhere they want.
Somebody should make some kinda of service where you pay X amount per month and they host and maintain a relay for you. Im sure some people out there would be willing to finacially support the Tor Network given its resonability priced but dont want to go through the hassle of setting one up
Someone should create a Tor token
Talk about a company with legal issues everyday
"Somebody should make some kinda [of] service where you pay X amount per month and they host the legal liabilities of anything and everything that comes out of that hosting."
Fixed that for you, sir ;-)
Mental outlaw: illegal Rugs
Me who posses a lot of rugs: oh no
Since when Rugs became illegal?
(It's a joke, don't explain me what he meant)
he showed a picture of a rug that was banned in the U.S as of 2018, a literal illegal rug.
@@average-neco-arc-enjoyer I'd like to know more about this, please elaborate.
@@liamholcroft7212 there are a lot of websites that cover this better than I can, but basicly persian rugs were banned in the US multiple times by US sanctions.
@@average-neco-arc-enjoyer Oh i see, it's a sanction thing, like with cuban cigars? I thought there might have been a funny story behind it.
That's why I always VPN even when on tor
Doesn't really matter when they own the VPN server
@@LiEnby that's why you work with reputable companies, ideally located in countries with strong privacy laws like Iceland or Switzerland
@@Herbaling yeah except they will still spy on you lol
@@Herbaling You think a bizznes in Swiss can say no to the damn feds?
@@muchotexto4248 dude, have you seen how much US has difficulties extraditing Assange to US from UK?
And that's UK, not Switzerland.
If countries start cooperating to catch you, I think you have bigger problems.
If privacy isn't important, then why does the government hide secrets? If anyone asks why you need privacy, it's to exert power and control over you.
How foolish to assume it's only one entity or just a couple doing the tracking. We can pretty much be guaranteed that multiple agencies within the US gov alone are compromising tor, and it would be stupid of any other country to not do the same. Good guys, bad guys, and even corporations like Google, Amazon, and Apple would be doing it as well. The only question is who isn't compromising it.
We need a Decentralized tor DAO that can kick relays and incentive people to make relays by releasing a token for the service.
8:38 Did you hear that buzz and pause?
*FBI Helicopter noises intensifying*
Definitely going to set up a relay ASAP
Monero being the first donation link in your description is very fitting lol
I dont think its a law enforcement/police agency. You kinda need to produce evidence of how you secured the evidence you produce in court if you are going to trial.
That is why i dont think its the DEA, IRS, FBI or the ATF. My guess is on the CIA or the NSA(the latter most likely), as the NSA is exempt from all of this, and does its operations internationally. I think this isnt drug related, but leak-plugging and espionage related.
Just so happens that i just got a Gigabit (1000/1000) internet connection with a public IP and all ports accessible. Might as well contribute. Idk if my ISP will be happy though (they really don't like torrent(nothing a VPN can't solve, but still). I guess will find out soon. I've already am running bridges on most of my VPSes.
this glows
@@ccriztoff you guess this why
i know a guy who does pen testing for agencies in DC and he says he finds quite a bit of CP on government computers and rarely do the employees get charged with crimes, usually just shuffled around departments
I will try to figure out how to set up my own node to help out. Many more smaller participants is always better than a few big players. That applies to everything in life!
There is heavy reason to suspect government play (really international efforts though if I'm remembering correctly I think it's the swedes that had taken over a ton of accounts from silk roads takedown) and these governments are still potentially the ones running the servers and also several accounts and potentially even marketplaces themselves if you want to get super conspiratorial, as that was a suggested tactic already. Barely sociable has some great videos with research an info on this subject that I'd recommend. Definitely worth your time
i wish that depicting certain folks as soyjaks actually did grant an automatic win
Interested in the Tor Relay tutorial! I've got an old laptop sitting around with a totally shot battery. Could be worth running a Tor Relay on that! Or anything, relay, just something to get a bit more use out of it.
Main requirement is public IP address. If you have it, then just try. But I advice running non-exit relay, that way your will get less bans for your IP address from different services.
@@sdjhgfkshfswdfhskljh3360 it wouldn't be his ip, it would be his laptop's
@@BusinessWolf1 ????, his laptops mac maybe but same ip.
Govt: We need truly anonymous internet for our illegal drug and arms trades.
Govt: Release Tor
People: Awesome! We can use Tor to buy illegal things anonymously online! Thx Govt!
Govt: We need to end Tor
"Those who sacrifice privacy for security will receive neither."
I'm not going to watch the video but I want to tell you that your thumbnail is A+