TOR is NOT secure enough for illegal activity - Don't do it.

3 months ago

Get over it, folks. If it is illegal, you shouldn't do it. Period. When you are on the Internet you might as well be writing for the front page of an international newspaper. Get over it. Live decent lives instead of wasting them away. Go to school. Be useful to society. Pay taxes. You know the drill.

Meanwhile, consider these fundamental problems with thinking TOR will keep you out of jail:

1) The big boys are much more clever than you think. They probably have a lot more experience than you, plus they have people like you by the dozen.

2) TAILS will prevent you from storing any information locally, yes. However, you still need then to find a third trusted party to hold your BTC. Plus, if you expect to be able to use your BTC you will either need to get it to/from your bank or to simply order directly. You'll need to consider using a mixer-upper site if you want your third party insulated from your vendors or your bank. It is a whole lot more work than you might think.

3) If TOR only uses 3 hops then it makes their job much easier. Simple math.

4) Fixed entry nodes is a huge constrainer, meaning that for any user, now there are only 2 unknown nodes in the chain. For so-called experts, there is a way to help with this, as detailed here: ... parameters

5) The last in the chain, the exit node, then makes a non-TOR connection to the actual server in the clear, aka no encryption:

Give it up people. All you might be doing is just giving the big boys and their toys more work when they probably would much rather be out finding kidnapped people or preventing crazy attacks or locking away pedophiles.

Just don't do it.
Don't say you weren't warned.

3 months ago

Tor uses 3 hops, but each of these hops is used by multiple users AT THE SAME TIME. This is very important. Each node has SEVERAL incoming and several outgoing connections. Every f*cking minute.

So if you trace somebody's way IN to the node, you should then check EVERY TRACE OUT, means EVERY outgoing connection. Because you don't know which exactly connection was used by your suspect.

This means, that on step 2 you will have to check MANY Tor Nodes without a clear assurance what exactly you are looking for. And every of that Nodes ALSO HAS MANY OUTGOING CONNECTIONS. Which leads as to MANY * MANY suspicious nodes on step 3.

And after step 3 you will have MANY * MANY * MANY possible routes, and only one of them is sought-for. It is virtually impossible to trace UNLESS YOU CONTROL ALL THREE NODES IN A CHAIN.

So be calm, things are not THAT bad.

3 months ago

"If it is illegal, you shouldn't do it."
"Live decent lives"
"Pay taxes"
"Get over it." 2 times!
...ignoring all the pseudo arguments directed at simple minded poeple...
this guy sounds like cliche educational propaganda from the last century.

whatever government hired this guy didnt want to spend much money or has really bad psy ops.
archway if you are a legit person please rethink your whole life because you're doing it wrong. life has so much more to offer than obeying the rules and being "decent". if you know how to love and don't fool yourself then you don't need rules to know whats right or wrong, just logical thinking and an open eye.

3 months ago

OK, Spaghetti Knight, yes I used CAPS and can see what you mean that it sounds like the propaganda we get educated about. (That doesn't mean it is wrong, even if true) But ya just gotta love where it says " When you are on the Internet you might as well be writing for the front page of an international newspaper." ;-)

Please consider that I am just recoiling to the level of insecurity I am discovering. I do not work for the government. I'm a dad who would be horrified to think my kids might think this could protect them from the law so they might feel safe doing things they shouldn't do in the first place. I do have a lot of experience in computer security. I'm not a n00b, but am absolutely brand-new to Tor. I actually want to just see how this all works. I know this was developed for the Navy. And with just a bit of redesign it could actually be made secure. But if I lived in China I sure as hell wouldn't want to trust this public version to keep me safe from the consequences of criticizing the government.

But this isn't about me. If it was, I would show you a picture of the Tor Archway, "das Tor"

But I do hope you all will comment further about my actual points about the flaws in the system. Like the lack of server-side encryption.

And I do see Tor Hacker's point. But my original assertion is about the complexity of being traced. If they know the entry point and the exit node sends it out unencrypted, the middle hop then is the ONLY unknown, if they're watching you. My point is that it constrains the unknowns they have to deal with. It would be much better if it were a random number of hops, I'd say.

This was just my first impressions! And look at what happened to the Silk Road guy. I don't know if someone ratted him out, or if he just got too big, but in the end they put him in a very bad place, forever. Maybe it really was just because he used the Captcha service. I can see that being a problem. And that leads to a whole host of other issues, like using systems that get auto-updates that might talk back to the mother ship. Or any of a host of other technical exposures. God forbid that any of this be run on Win10. That whole thing is built as an appendage to M$. Even Ubuntu gets auto-updates, though. Who knows what all they put in them? Keyloggers for the endpoints would be the obvious first step, for instance. Tails is cool because it doesn't leave tracks on the PC, and won't be sent anywhere else as long as the keylogger isn't part of the BIOS. But when was the last time you took apart your BIOS to see what all it does?

I stand by my statement that this system is not safe enough. Even the experts can't ensure their own safety. 'nuff said.

Anyway, have a good day! Thank you for making this a discussion rather than leaving it like someone was just launching a lecture.


You are not logged in. Login or register to reply on this thread.