For example, I downloaded Tor network and using it for illegal activities. Can my govt track me? Can US govt track me? I know it encrypts something but if I remember correct, FBI was able to find some Tor users before.

Note: illegal activities was for example. I’m not going to do anything illegal. I’m just planning to serve my instance with a onion address.

    • iso@lemy.lolOP
      link
      fedilink
      arrow-up
      21
      arrow-down
      11
      ·
      edit-2
      1 year ago

      Wait, is the joke about me being CIA? Cause I’m not CIA 100%

        • iso@lemy.lolOP
          link
          fedilink
          arrow-up
          32
          arrow-down
          10
          ·
          edit-2
          1 year ago

          It’s simple. If you ask a cop if he’s a cop, he’s like, obligated to tell you. It’s in the Constitution.

          breaking bad reference

            • jet@hackertalks.com
              link
              fedilink
              English
              arrow-up
              7
              arrow-down
              1
              ·
              edit-2
              1 year ago

              Sue the person your interested in for something, maybe defamation, get a deposition done, and as part of the questioning have the lawyer ask if they work in law enforcement.

              Under oath, they have to tell you if they are a cop. heh

              The 7th Street Litigators - A crew of rough and tumble gunners, use this method to screen new members.

  • mo_ztt ✅@lemmy.world
    link
    fedilink
    English
    arrow-up
    57
    arrow-down
    1
    ·
    1 year ago

    Short answer: In theory, pretty much anything you’re doing on the modern internet can be traced back to you. It’s just a question of how much effort, sophistication, and time someone’s willing to invest in the tracing. Tor is a pretty high bar for them to clear, so it’ll protect you against a pretty high bar of attempting to track you down – but that’s only true as long as you’re not doing anything careless to compromise your own security, and it’s pretty easy to do something careless (especially in the long term).

    This DEFCON talk goes into a lot of the nitty-gritty details and reality. The speaker sold drugs on the dark web for quite a while, but eventually got caught and went to federal prison, so he knows both sides of it.

  • asmodeus
    link
    fedilink
    English
    arrow-up
    42
    ·
    1 year ago

    Most tor users got caught because of bad OPSEC, not because of the tor network itself…

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      Maybe, parallel construction confuses the quality of ToR a bit. If I was a APT and compromised ToR I wouldn’t want anyone to know, so i would use parallel construction to always have a non-ToR reason for a take down.

    • iso@lemy.lolOP
      link
      fedilink
      arrow-up
      3
      arrow-down
      2
      ·
      1 year ago

      So we need other security methods besides using Tor? Like what?

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    31
    ·
    1 year ago

    Don’t do illegal activities.

    What signal fiasco?

    You should read the Tor foundation documentation before trusting your freedom to it.

    You can be tracked on Tor, but the question is by who, and when. If you login to gmail over tor then google knows your using tor. If you access tor from your home computer then your isp knows your using tor.

    If your threat model includes Advanced Persistent Threats at the nation state level, then they can do Cybill attacks and control enough nodes that they could track you.

    • atomkarinca@lemmygrad.ml
      link
      fedilink
      arrow-up
      11
      arrow-down
      2
      ·
      1 year ago

      “illegal activities” doesn’t always mean buying crack cocaine, or whatever. depending on where you live it can mean:

      accessing wikipedia, forming communities, performing union activities…

      in other words, the ruling class of your country decides something being threatening their power, and that becomes an illegal activity.

      of course everyone can be tracked. also everyone is not julian assange, so i’m not so worried about using tor for “illegal activities”.

    • iso@lemy.lolOP
      link
      fedilink
      arrow-up
      4
      arrow-down
      6
      ·
      1 year ago

      What I meant with Signal fiasco is, they didn’t published server code for a year and the fact that they’re a US establishment. It’s not looking that bad but I’m not going to trust them anymore.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        17
        ·
        edit-2
        1 year ago

        ToR was started by the US Navy and still gets funding from the navy every year. ToR is a tool used by the US for spooks and spook assets globally. The only reason it was made public was to generate enough noise to hide the spook talk.

        So applying your logic means you shouldn’t use ToR either.

        • iso@lemy.lolOP
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          Hmm, maybe you’re right. But still its not like they didn’t released the source code for a year.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            https://github.com/signalapp/Signal-Server

            Its there now, but you never know what they are really running on their servers. In end to end networks, you should never trust the network, only the clients.

            I think you need to take time and model out your threats, the EFF has tools to help you do this, then choose the tools that match best.

            • iso@lemy.lolOP
              link
              fedilink
              arrow-up
              3
              arrow-down
              2
              ·
              1 year ago

              You’re right. Thats why I like Matrix more than Signal now.

              Also I’m not looking for a security method to escape from a specific target. It’s all curiosity about general security.

              • jet@hackertalks.com
                link
                fedilink
                English
                arrow-up
                9
                ·
                1 year ago

                matrix leaks metadata to the servers much worse then signal, just FYI. Hating how a team runs is different then then risk profile of the product.

                Don’t like emotions cloud your decision making

                • iso@lemy.lolOP
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  I’m not hating. I just like keeping my half encrypted data on my own server instead of fully encrypted on someone else’s server.

  • hottari@lemmy.ml
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    1 year ago

    As long as you stay far far away from Javascript, you should be fine.

  • MinekPo1 [She/Her]@lemmygrad.ml
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    1 year ago

    On a serious note, if I’m not mistaken, most cases of Tor users identity being uncovered is via information the user either unintentionally leaving information public, or privately told another user, which was made public due to a betrayal or a security breach.

    In most other cases involve security flaws in Tor clients not the network, again if I’m not mistaken.