@switchingsocial @torproject

I''ll add:

Tor is not the best for generic use. Because of its nature, it's usually very slow compared to other browsers, and needs to be used in a combination with a VPN you really trust.

Firefox is just a mainstream browser which is said to care more about your privacy. Comes with more options to do that, but you need to activate these as well.

At any case, Google Chrome, especially with your account signed in, is the opposite of privacy...

@jrss
Tor is significantly faster than it used to be. As long as you're okay with an extra ~0.1 seconds of latency, and aren't downloading huge files, it's barely noticeable (other than captchas). Also, you shouldn't use VPNs with Tor, since they violate some of the circuit path construction assumptions, create a single point of failure for traffic fingerprinting, and don't really add any security if your connection is encrypted to the destination (TLS, SSH, etc.).
@switchingsocial @torproject

@tga @switchingsocial @torproject

I agree with the fact that TOR is much faster than it used to be, and you can't really tell the difference on most non-heavy website (I noticed a difference when going to facebook, for example, but that can also be because of the many other things FB throws at you that other browsers just nod and smile at)

The second bit though... TLS encrypts your traffic, but there are still a few key things they can see:

[1/3]

@tga @switchingsocial @torproject

Which websites you go to, how long you've been there, how much data you downloaded (did you just browse or actually went to a torrent site and downloaded something?)

There's also the issue of who's the exit (or even entry) node. There was this whole thing about Russian affiliates creating their own nodes just to lure traffic in. These folks have all the data, and even if encrypted, that's a bad thing.

[2/3]

@tga @switchingsocial @torproject

As for SSH, how is that practical when surfing... SSH to where? Who's on the other side of the tunnel? Perhaps you meant this just as an example - if not, I'd be interested to get a practical example, could use it myself (no sarcasm!)

I'd say this:
If you just want a faster browser with much smaller memory footprint, go for Firefox. If you want privacy and you know what you're doing (at least basics) go with TOR - but don't use TOR blindly thinking you're safe.

[3/3]

@jrss
To be more clear, I'm not saying that there's nothing an exit node can learn about you, I'm saying there's nothing an exit node can learn about you that an adversary sitting just outside your VPN can't learn. VPNs were more useful when *actively* malicious exits were a problem, since VPN providers were historically less likely to inject malware into an unencrypted connection. On the guard side, they only provide more stable points for fingerprinting attacks.
@switchingsocial @torproject

Follow

@jrss
As for SSH, it was just an example of an encrypted connection. There are technically some sites that provide SSH browsing functionality, but mostly as a neat trick. I do use SSH over Tor a lot, but almost always via Onion Services, for NAT punching and a secure DNS alternative on my personal machines, which means it's already e2e encrypted anyway.
@switchingsocial @torproject

@tga @switchingsocial @torproject some interesting things here to ask. using this reply as a personal note...

how do you use SSH for onion (can you give an example of your workflow?) and do you mean secure DNS as in TLS connection to DNS or something else..?

Now you got me intrigued :)

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!