Talk:Tor

From InstallGentoo Wiki v2

Alleged NSA Takeover section is naive

So while the nsa takeover section sounds like bullshit to me (I have no proof (or suspicion) that the NSA pwnz twrr) the section sounds naive as fuck and Matthew Green, noted cryptonut, disagrees, quoting George Danezis's blogpost.

The following points also make me cringe:

  • "One must consider that the NSA would have a finite amount of Bandwidth" LOL have you seen their budget? Plus it's well known that they intercept traffic from most undersea cables in the world and much more.
  • "(The NSA) ould only be allowed to host such things in the United States." Utterly misleading. Besides friendly countries letting them install whatever the fuck they'd like (especially in five eyes countries), they have dedicated sections devoted to breaking into ISP/VPN routers and a multimillion dollar budget simply for bribes.
  • "the likely-hood of the NSA spying on the users is little to none" except that the NSA's motto is "collect it all".

The default settings for .torrc are also strange. Tails doesn't block five eyes nor does it only allow entry through germany and exit through russia.

Both sections should be deleted imo. Mrsnooze (talk) 08:49, 17 February 2016 (EST)

I modified the torrc. How does that look now? --Se7en (talk) 09:59, 26 February 2016 (EST)
Hey buddy. I'm no expert on tor, nor torrc. I'm completely open to being proved wrong, because I would like to hear more about tor configuration from tor experts (and if you find anything in the tails distro which counteracts my thoughts, I will give you double l337 dude points).
My alarm bells mainly went off about these lines:
  • ExcludeNodes {US},{GB},{NZ},{CA},{AU},{CN},{TW}
    ExcludeNodes prefers to not connect to nodes with these country codes. Country codes which are the five eyes (nsa bend-over-and-rape-me nations) and china and taiwan. For five eyes, I understand the concern but don't agree. China is the opposite of five eyes. Taiwan is... linked to china I guess? ExcludeNodes also excludes routing nodes (i.e. non-entry, non-exit) nodes - the middle layer of an onion route. Many, many nodes are in five eyes countries and more nodes = more security. It feels to me that this line of configuration is based on the incorrect assumption that american Three Letter Agencies (TLAs) can only operate within american jurisdictions. And why both china and five eyes (mortal enemies) should be excluded further raises the alarm for me.
  • EntryNodes {DE}
    This option prefers entry nodes within germany. The nature of onion routing negates any level of trust for entry nodes in any country. Exit nodes to the clearnet are the only real concern (since malicious nodes can strip tls headers, but even then are still unsure of who sent the initial request, if the tor user has any opsec whatsoever). But also why only germany? Why is germany the one nation on earth to be trusted for tor entry nodes? This severely limits the paths through tor and makes it easier to be identified - "actor X only ever enters via germany."
  • ExitNodes {RU}
    Pretty much the same questions as the EntryNodes discussion. Additionally, russia is a known cybercriminal haven so I'd wager (have no proof) that exit nodes in russia are more likely to be malicious (mess with your traffic) than any other nation.
  • StrictNodes 1
    This option really rings my alarm bells. This option turns the EntryNodes and ExitNodes options from "I'd prefer" to "I enforce". This option hardens the above options I'm questioning into strict rules rather than casual recommendations. With this option set, everyone who follows this guide will ONLY EVER enter in de and ONLY EVER exit in ru. This is a wet dream for anyone powerful enough to monitor the tor network (such as the five eyes nations which this configuration is trying to avoid).
I'm reminded of the saying "a little knowledge is a dangerous thing." Just because we know what torrc is and are able to modify it, doesn't mean it's in our favour to do so.
I think it would be much better to advise people to use Tails and let the tor developers define their torrc.
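
Added example, not part of the discussion above and not Tor project code: a small Python check that reads a torrc and reports which of the node-selection options questioned in the last comment are set, and whether they pin entry and exit to a single country each. The function names and report keys are hypothetical; the sample torrc is the four lines quoted in that comment.

```python
import re

COUNTRY = re.compile(r"\{([A-Za-z]{2})\}")   # country selector such as {DE}
PATH_OPTIONS = ("ExcludeNodes", "EntryNodes", "ExitNodes")

# The four torrc lines quoted in the comment above.
DISCUSSED_TORRC = """\
ExcludeNodes {US},{GB},{NZ},{CA},{AU},{CN},{TW}
EntryNodes {DE}
ExitNodes {RU}
StrictNodes 1
"""

def parse_torrc(text):
    """Return {lowercased option: value}; a later line overrides an earlier one."""
    opts = {}
    for raw in text.splitlines():
        # Drop '#' comments, then split "Option value" on the first whitespace run.
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """Report country-based relay restrictions and whether they are enforced."""
    opts = parse_torrc(text)
    restrictions = {}
    for name in PATH_OPTIONS:
        value = opts.get(name.lower(), "")
        codes = sorted({c.upper() for c in COUNTRY.findall(value)})
        if codes:
            restrictions[name] = codes
    strict = opts.get("strictnodes") == "1"
    # Entry and exit each limited to one country: the "only ever enters via
    # Germany" pattern described in the comment.
    pinned = all(len(restrictions.get(n, [])) == 1
                 for n in ("EntryNodes", "ExitNodes"))
    return {"restrictions": restrictions, "strict": strict,
            "single_country_path": strict and pinned}

if __name__ == "__main__":
    report = audit(DISCUSSED_TORRC)
    for name, codes in report["restrictions"].items():
        print(f"{name}: restricted by country ({', '.join(codes)})")
    print("StrictNodes enabled:", report["strict"])
    print("Entry and exit pinned to one country each:",
          report["single_country_path"])
```
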