6.2 KiB
Tor
TODO
The BIG RANT
start NOTE: I got some objections from people, keep in mind the rant below is not based on evidence but rather my own experience and what I think is the most reasonable thing to believe. Belief is the key thing here really as that's all we can have with a bloated project by only select few, and in such case I argue to lean towards skepticism.
OK, so is Tor really safe and "private"? Well, PROBABLY NOT. It is "safer" and more "private" than clearweb/clearnet (if only for the obscurity) AGAINST THE SMALL GUYS ONLY, like average server owners and tiny ISPs -- that's pretty clear. However the big guys (NSA/CIA/FBI/governments, Google, Facebook etc.) can most likely get through -- consider how much of a bloat Tor and Tor browser are (we have to mention that Tor router and Tor Browser are two different things): did you alone go through the code, checked and tested there isn't a single exploitable line? Or did you just trust a promise of a website and your favorite content producers? (Tor Browser now even has autoupdates so they're just inserting you their code in real time now.) There most definitely is an exploitable line, and very likely more than one; if not by intention (it is EXTREMELY easy to sneak a malicious obfuscated line to a FOSS project; for a government or trillionaire corporation that's like a laughable amount of effort) then by pure statistics (even excellent code will have about 1 bug on 100 lines of code; if not in 100 then in 1000, 10000 or 100000). You may prove the protocol to be safe but remember, security may be broken anywhere, not just the protocol: for example the encryption library used may have a bug, the code implementing sockets may have a bug, random generator may have a weakness, interface code may have a bug (in case of Tor Browser imagine they e.g. manage to silently turn your JavaScript on, then simply fingerprint you) etcetc. And if there is an exploitable line somewhere, you can bet your life they know about it -- do you think NSA won't put their greatest effort into searching for a way to infiltrate the biggest communication network of criminals, terrorists and other competition? This will be on top of every government intelligence service list, they will pour incredible amounts of resources into finding those lines, so you would be really crazy to think they don't know about them. So why don't they just go and bust all the bad guys selling drugs and CP on Tor? OK, does that question even need an answer? Do you think they will reveal this? The moment they do, everyone stops using Tor and they can no longer spy. They literally don't give a single shit about some harmless incels downloading illegal videos or making laughable amounts of pocket money selling marijuana, why would they give up their biggest weapon and spend great money and resources on busting a few horny neckbeards (there wouldn't even be enough space in jail for them lol)? They just want you to think it's safe to use so that you use it and they can spy on you. GOVERNMENTS AND CORPORATIONS LIKE GOOGLE LITERALLY SPONSOR TOR, they WANT YOU TO USE IT -- if you can't see what this means then there's likely not much hope in trying to explain anything. They will use the info they gather to bust the big guys who threaten national security, economic stability or whatever, without revealing how they did it of course. They will let small black market exist so as to "prove" it's safe and so make it a nice honeypot -- they lost some money in economy, but it's an investment like any other. Also if they find you're using Tor you automatically get on their watchlist so it may actually be even less "safe" than vanilla clearnet with HTTPS. "BUTTT BUT IT OPEN SOARRRS EVERYONE CAN CHECK THE CODEEEEE" -- are you shitting yourself? Your "everyone" here means someone with excellent expertise AND tremendous resources that analysis of such a huge codebase requires, who is also willing to spend them -- how many entities like that are there in the world? A handful maybe, most of them exactly the mentioned bad guys like government and monster corporations, all of them rich capitalists, i.e. without any morals; now even if there is an independent entity of this kind and if such an entity does the insane, makes the investment and finds the exploit, do you think it will throw its investment out of the window for "public good", or does it try to profit from it by selling the knowledge to the highest bidder (or just staying silent about it)? Hmmm but if that's true, surely Tor developers also know it's futile, why are they even developing it? Because it's their living, they're sponsored, it's a pretty comfy job, they're just snake oil sellers who maybe even believe it works. Hmmm but wait, there are many good guy organizations who need security and will sponsor people to look for vulnerabilities. No -- any organization that really NEEDS a private conversation won't be dumb, it won't search for hyped things but something that's cheap and works, i.e. they will just use encrypted email or encrypted snail mail that flies under the radar easily and just works as long as math works. Some will sponsor Tor because it is still useful, e.g. it helps break some censorship, but no one serious about privacy will rely on Tor. So really until proven otherwise (which probably can't be done) you can't rely on safety of Tor. You are never safe under capitalism. Anyway, let this show you how futile any effort for "privacy" is in a shitty society -- the solution doesn't lie in increasing privacy and security of course, but in unfucking society.
Well then, is Tor literally useless? That we don't say -- it is definitely bloated and ugly and one of its main selling points, the "security", may only be partially valid, but it still is useful at least for kind of allowing some free speech -- real super offensive sites are happily running on Tor and that's very good, in this case it's probably better to have an ugly, weird free speech platform than none.