A message to the character who is creating new characters all the time, with the TOR browser

Peter wrote:

This topic is like PGP in 1990. Nowadays, almost nobody uses secure email,

Yes, but:

  1. Many, many people use end-to-end encrypted messaging, even if it is not email. All Whatsapp users, for a start. It isn’t perfect: Nobody checks the common secret matches on both ends, so MITM attacks are possible. Facebook/Apple/Google can (and can be forced to) push an updated trojaned Whatsapp app just for you, that will leak your messages to the interested party. Stuff like that. But it is there.
  2. A lot of (most?) traffic is encrypted nowadays. HTTPS becomes the default, not anymore HTTP. Even email travels encrypted “first hop” (user to ISP) and “last hop” (ISP to user). Obviously, that’s far, far short of end-to-end encrypted.

All in all, the situation is much better than in the older days, when typically sitting on the same Ethernet segment (hubbed, not switched, network on e.g. university office) or same coaxial cable (Internet through TV cable), you could just put your NIC or cable modem in promiscuous mode and lap up all your neighbour’s communications and browsing.

ELLX

Forgive a naive question, but all the advantages of Tor seem to be met by a VPN. What makes Tor different/better than, say, ExpressVPN?

EGKB Biggin Hill

With a VPN there’s a single connection between your laptop and the VPN endpoint where your traffic enters the internet. And even if you do a bit of randomization the endpoints where you enter the internet are still in the hands of one (or just a few) companies – your VPN provider. That makes it easy for governments to either block the traffic outright, or allow the traffic and trace it back to the origin (you).

TOR, at a technical level, works quite similarly to a VPN: It encapsulates and encrypts your traffic before sending it to the endpoint. The endpoint, wherever that is, decrypts and de-encapsulates your traffic and then sends it as regular internet traffic back onto the internet. So the connection seems to originate from that endpoint, instead of from your own laptop. However, TOR is a distributed network collectively owned by hundreds, if not thousands of organisations, and the traffic takes at least three hops through the TOR network before it gets to the final endpoint. And the path taken changes regularly – every few minutes. That makes it impossible to trace or block. Especially if you consider that the intermediate hops are in different countries with different jurisdictions and non-cooperating police forces. It could theoretically take ages before a police force has all the subpoenas to trace back a connection, while connection paths change every few minutes, and TOR nodes do not keep log records.

The other advantage of TOR is that it is possible to put a server on the TOR network, that is only accessible from TOR client users, and is again as untraceable as TOR clients are. This is what is often referred to as the ‘dark web’.

A disadvantage of TOR over VPNs is that TOR, due to all the hops involved, is relatively slow.

If all you want to do is circumvent some sort of geoblock, or you are not sure about the security of the public Wifi that you’re on, then a VPN is good enough. But if you also want to hide your identity from the authorities, for instance you’re a political activist in a country with a repressive regime, then TOR is a much better choice. And if your activity is outright criminal, then you will also want to use TOR to make it virtually impossible for the government to get you.

Last Edited by BackPacker at 20 Mar 07:58

TOR nodes do not keep log records

You can’t actually know that

A lot of the TOR stuff seems to go around Africa, where co-operation can be easily bought because most people are so damn poor.

Also traffic analysis is easy and in most cases sufficient. If say the N Korean govt wants to see if person X there is uploading particular videos to youtube they need to spy on the guy’s ISP (which is trivial; they own it) and have somebody inside youtube/google who has access to the logs, and then it’s trivial, no matter how many hops in the darkest Africa it passed through. Same with whatsapp or telegram etc. End to end encryption is ok if you are on a suspected dodgy public wifi, etc, but anyone with access to your ISP has got both ends’ identity.

you’re a political activist in a country with a repressive regime, then TOR is a much better choice

I think TOR is useless for known political activists.

In fact if I was in N Korea I am not sure how I would go about it. Certainly TOR (or a VPN) would be almost completely useless, as it would be in any scenario where the user’s ISP can be compromised (which is basically trivial anywhere in the world) and you are doing something sufficiently provocative/illegal. Probably satellite internet, or set up a 4G connection over the border. Best way would be to put the stuff on a flashstick and smuggle it out and get somebody abroad to upload it. Any real time stuff is not going to work.

In the modern world, nobody cares what you do unless you are a known and watched target, and the main “genuine” use of TOR is thus for illegal activities.

For the sort of hacking we are getting, the TOR system is handy because it gives you a free supply of varying IPs, and a varying browser type etc. If someone was doing it via a VPN they would have to keep changing stuff around, and be very careful to not slip up.

We should have a feature whereby a new poster’s initial post is hidden until mod approved. Then I could tell you what this hacker is trying sooo hard to post. I just don’t want to spend the donations on stuff which isn’t actually necessary. He’s been running a script for months, and gradually improved it. A different IP each time, not all TOR endpoints, a different email address (mostly bogus). But it would not help deal with this issue more generally. Anyway, he will never get in because new posters have to be manually approved. I don’t want to go into detail for obvious reasons…

I have no idea if he is reading this thread, but it’s a fun discussion.

Administrator
Shoreham EGKA, United Kingdom

Probably satellite internet, or set up a 4G connection over the border.

When I have quietly fantasised or daydreamed about how I would do stuff, it has come down to sitting the other side of the road from a McDonald’s, using a VPN to slow down the cracking process, and a different McDonald’s each time. Or in a Tube train. I recognise that there are no McDonald’s in Pyongyang, and probably no WiFi in the Metro, but you see the general idea.

Would that work?

EGKB Biggin Hill

Yes it would, provided that the McD has no cameras (it prob100 does have) and doesn’t log the MAC numbers of the devices connecting to its wifi (which it prob99 does). Traditionally people posting illegal material have been doing it out of internet cafes, but these have for years been running cameras (probably often covertly) and recording the footage. And all the modern trains definitely have cameras (in the UK) because of the vandalism, assault, etc that happens on trains.

Probably the simplest way is to buy a phone and a data capable SIM card in some market, for cash, and use it only once for “the job”. Criminals of course know this, and know that the GSM system stores the phone’s location roughly every 10 mins, etc, hence the busts of criminal gangs tend to come across piles of “one time phones”.

If you connect to a wifi network, the MAC number of the phone’s wifi adapter is exposed to the wifi network. This is true regardless of whether the phone is running a VPN to somewhere. Generally it doesn’t go any further (unless the device has been tampered to leak it down the line in some way) but the wifi network could be logging it and keeping the logs. And this MAC number is world-unique. At the same time the phone’s IMEI and the sim card’s ID get logged in the phone company’s databases. So your McD dodgy data upload project would have to use a one-time phone also.

So for N Korea you would need to get a trusted person to supply you with a one time phone (or laptop etc). If that person is a plant, or the phone can be traced to you, you are dead. Its location would be revealed the instant you turn it on and it registers on the GSM network, so you would need to do the job really quick and then turn it off, and later burn it so they can’t get DNA off it. If you are writing a novel, I can send you my rates.

Administrator
Shoreham EGKA, United Kingdom

If you really want to stay invisible on the internet, start by reading this book

Buy the book in a bookshop (not online), which doesn’t have cameras, and with cash. Make sure your fingerprints are not on the cash.

Peter wrote:

If you connect to a wifi network, the MAC number of the phone’s wifi adapter is exposed to the wifi network. This is true regardless of whether the phone is running a VPN to somewhere. Generally it doesn’t go any further (unless the device has been tampered to leak it down the line in some way) but the wifi network could be logging it and keeping the logs. And this MAC number is world-unique. At the same time the phone’s IMEI and the sim card’s ID get logged in the phone company’s databases. So your McD dodgy data upload project would have to use a one-time phone also.

MAC is trivial to change and there is lots of software to do so. Changing IMEI is much less trivial, but on some phones it can also be done easily.

LKBU (near Prague), Czech Republic

Indeed, but 99.75% of criminals are stupid. Just as well, otherwise they would never get caught.

Administrator
Shoreham EGKA, United Kingdom

Timothy wrote:

What makes Tor different/better than, say, ExpressVPN?

In a nutshell, with a VPN, you just choose a different ISP to have the technical ability to know of all your traffic. With Tor, not only the exit endpoint changes regularly (as often as the client decides, and is chosen by the client), but:

  • the exit point cannot trace back for whom they inject traffic on the Internet, but can see the destination and the content (unless it is otherwise encrypted, e.g. https traffic)
  • the middle relay (chosen by the client) knows it is forwarding traffic from one tor node to another, but knows neither the content nor the source nor the destination
  • the Tor entry point (chosen by the client) knows for which IP they forward traffic, but not to what destination (nor its content, it is double-encrypted with the end point’s then the middle point’s key)

So unless these players collaborate, they got zilch. But see previous posts with details for more subtle things.

Peter wrote:

TOR nodes do not keep log records

You can’t actually know that

Due to the design, unless both entry and exit nodes in the chain keep logs and collaborate (or collaborate with the same third party), the logs will be of limited usability.

Peter wrote:

If say the N Korean govt wants to see if person X there is uploading particular videos to youtube they need to spy on the guy’s ISP (which is trivial; they own it) and have somebody inside youtube/google who has access to the logs, and then it’s trivial, no matter how many hops in the darkest Africa it passed through.

Yes, due to the low delay (and thus low absolute jitter) introduced by the network, when you can observe entry and exit you can correlate.

Peter wrote:

Probably the simplest way is to buy a phone and a data capable SIM card in some market, for cash

I think in many European countries, it is not possible anymore to get an activated SIM card without showing an ID (which may be a fake, blah, blah, blah).

Peter wrote:

If you connect to a wifi network, the MAC number of the phone’s wifi adapter is exposed to the wifi network.

Usually, the MAC address of the adapter can be changed in software. At least that’s my experience on desktops, I haven’t seriously tried to do it on Android.

Last Edited by lionel at 20 Mar 19:06
ELLX
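
Added example, not part of the thread and not Tor's own code: a three-hop layering sketch that records what each relay can see, matching the entry/middle/exit breakdown in the post above. The relay names, keys, client address and the hash-based toy cipher are constructed for illustration; real Tor negotiates a key per hop and uses proper ciphers.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). NOT Tor's real cryptography."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Encrypt one layer: the next-hop name plus the still-opaque inner blob."""
    layer = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
    return keystream_xor(key, layer)

def peel(key: bytes, blob: bytes) -> tuple:
    """What a relay does: remove its own layer and learn only the next hop."""
    layer = json.loads(keystream_xor(key, blob))
    return layer["next"], bytes.fromhex(layer["inner"])

def simulate(client_ip: str, dest: str, payload: bytes) -> dict:
    # Constructed per-hop keys (assumption); the client knows all three.
    keys = {"entry": b"k-entry", "middle": b"k-middle", "exit": b"k-exit"}
    # Build from the inside out: exit layer first, entry layer last.
    cell = wrap(keys["exit"], dest, payload)
    cell = wrap(keys["middle"], "exit", cell)
    cell = wrap(keys["entry"], "middle", cell)

    seen, sender = {}, client_ip
    for name in ("entry", "middle", "exit"):
        next_hop, inner = peel(keys[name], cell)
        # Each relay's complete view: who handed it the cell, where it goes next,
        # and the bytes it forwards (still encrypted except at the exit).
        seen[name] = {"from": sender, "to": next_hop, "forwards": inner}
        sender, cell = name, inner
    return seen

if __name__ == "__main__":
    views = simulate("198.51.100.7", "example.org", b"GET / HTTP/1.1")
    for relay, view in views.items():
        print(relay, ":", view["from"], "->", view["to"], view["forwards"][:16])
```

Only the entry relay's view contains the client address and only the exit relay's view contains the destination and plaintext, which is why logs from a single relay are of limited use unless entry and exit observations are combined.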