Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Tails - a "safe" way to visit your password related sites without own PC
 
  • Locked thread
Alereon
Feb 6, 2004

Dehumanize yourself and face to Trumpshed
College Slice
Routing your traffic through Tor is much less secure than not doing so. Tor provides a measure of anonymity, but also adds additional opportunities for man-in-the-middle attack. If you're a dissident in a jurisdiction that probably doesn't have the resources to monitor Tor and you need the anonymity, this is good for you. If you live in the US then using Tor is basically handing your data to criminals and hoping they won't be able to make use of it if you follow best practices and don't gently caress up.

There are two main reasons it's bad to use a computer you don't own to access the Internet: The computer could have spyware on it, and it could have malicious SSL certificates or issuers trusted so that bad certs are accepted by default. Booting from your own USB drive fixes the latter, but not the former: it's still possible for the owner of the machine to keylog everything you do. It is harder than just running keylogger software under Windows though, so this is still a substantial improvement in security.

As a cynical overview, Tor is a honeypot network operated jointly by the NSA and Russian carders. The NSA likes Tor because for some reason people are willing to selectively route their most "interesting" traffic through it for them to monitor. Russian carders like Tor because anyone stupid enough to do that will probably send valuable data unencrypted at least sometimes, especially given malicious nodes that try to make that more likely (SSL stripping, attempting to force insecure authentication, etc).

* # ¿ Aug 3, 2014 14:15
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 21, 2024 00:23
  • Quote
Alereon
Feb 6, 2004

Dehumanize yourself and face to Trumpshed
College Slice
What you're basically saying is that you trust the bad guys (Tor) more than your ISP or VPN provider, which is a little insane. While if done correctly you should be able to maintain security, a lot of the sites you visit are unencrypted and its pretty easy to break or interfere with HTTPS, so arguing that you're safe because the sites you visit have HTTPS is not true.

Again, the point of Tor is that you're trading somewhat reduced risk that you will be identified as the sender of data for increased risk that the data you send will be intercepted by the bad guys. For most people that is the exact opposite trade you want to make from a security perspective, especially because your data identifies you anyway.

* # ¿ Aug 3, 2014 17:51
  • Quote
  • Locked thread
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Tails - a "safe" way to visit your password related sites without own PC