this post was submitted on 09 Sep 2023
50 points (89.1% liked)

Privacy

31893 readers
625 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
50
submitted 1 year ago* (last edited 1 year ago) by iso@lemy.lol to c/privacy@lemmy.ml
 

For example, I downloaded Tor network and using it for illegal activities. Can my govt track me? Can US govt track me? I know it encrypts something but if I remember correct, FBI was able to find some Tor users before.

Note: illegal activities was for example. I'm not going to do anything illegal. I'm just planning to serve my instance with a onion address.

all 47 comments
sorted by: hot top controversial new old
[–] Nerd02@lemmy.basedcount.com 63 points 1 year ago (1 children)

This post glows so hard I'm going to need a pair of sunglasses.

[–] iso@lemy.lol 10 points 1 year ago* (last edited 1 year ago) (1 children)

Wait, is the joke about me being CIA? Cause I’m not CIA 100%

[–] Celtic7670@feddit.de 63 points 1 year ago (1 children)

That's exactly what a fed would say

[–] iso@lemy.lol 22 points 1 year ago* (last edited 1 year ago) (1 children)

It’s simple. If you ask a cop if he’s a cop, he’s like, obligated to tell you. It’s in the Constitution.

breaking bad reference

[–] IphtashuFitz@lemmy.world 15 points 1 year ago (1 children)

Crooks getting their infallible legal advice from Hollywood screenwriters…

[–] jet@hackertalks.com 6 points 1 year ago* (last edited 1 year ago)

Sue the person your interested in for something, maybe defamation, get a deposition done, and as part of the questioning have the lawyer ask if they work in law enforcement.

Under oath, they have to tell you if they are a cop. heh

The 7th Street Litigators - A crew of rough and tumble gunners, use this method to screen new members.

[–] mo_ztt@lemmy.world 57 points 1 year ago (2 children)

Short answer: In theory, pretty much anything you're doing on the modern internet can be traced back to you. It's just a question of how much effort, sophistication, and time someone's willing to invest in the tracing. Tor is a pretty high bar for them to clear, so it'll protect you against a pretty high bar of attempting to track you down -- but that's only true as long as you're not doing anything careless to compromise your own security, and it's pretty easy to do something careless (especially in the long term).

This DEFCON talk goes into a lot of the nitty-gritty details and reality. The speaker sold drugs on the dark web for quite a while, but eventually got caught and went to federal prison, so he knows both sides of it.

[–] iso@lemy.lol 4 points 1 year ago

Thanks for the video, I'll check it out.

[–] asmodeus@programming.dev 40 points 1 year ago (3 children)

Most tor users got caught because of bad OPSEC, not because of the tor network itself…

[–] cooopsspace@infosec.pub 11 points 1 year ago

Bad opsec and hubris/idiocy.

[–] jet@hackertalks.com 7 points 1 year ago

Maybe, parallel construction confuses the quality of ToR a bit. If I was a APT and compromised ToR I wouldn't want anyone to know, so i would use parallel construction to always have a non-ToR reason for a take down.

[–] iso@lemy.lol 1 points 1 year ago (1 children)

So we need other security methods besides using Tor? Like what?

[–] asmodeus@programming.dev 19 points 1 year ago (1 children)

Not using anything Google/Microsoft related would be a good start.

[–] IphtashuFitz@lemmy.world 17 points 1 year ago

Followed by no JavaScript, no browser plug-ins, etc.

[–] jet@hackertalks.com 30 points 1 year ago (1 children)

Don't do illegal activities.

What signal fiasco?

You should read the Tor foundation documentation before trusting your freedom to it.

You can be tracked on Tor, but the question is by who, and when. If you login to gmail over tor then google knows your using tor. If you access tor from your home computer then your isp knows your using tor.

If your threat model includes Advanced Persistent Threats at the nation state level, then they can do Cybill attacks and control enough nodes that they could track you.

[–] iso@lemy.lol -1 points 1 year ago (1 children)

What I meant with Signal fiasco is, they didn’t published server code for a year and the fact that they’re a US establishment. It’s not looking that bad but I’m not going to trust them anymore.

[–] jet@hackertalks.com 17 points 1 year ago* (last edited 1 year ago) (1 children)

ToR was started by the US Navy and still gets funding from the navy every year. ToR is a tool used by the US for spooks and spook assets globally. The only reason it was made public was to generate enough noise to hide the spook talk.

So applying your logic means you shouldn't use ToR either.

[–] iso@lemy.lol 1 points 1 year ago (1 children)

Hmm, maybe you’re right. But still its not like they didn’t released the source code for a year.

[–] jet@hackertalks.com 8 points 1 year ago (1 children)

https://github.com/signalapp/Signal-Server

Its there now, but you never know what they are really running on their servers. In end to end networks, you should never trust the network, only the clients.

I think you need to take time and model out your threats, the EFF has tools to help you do this, then choose the tools that match best.

[–] iso@lemy.lol 1 points 1 year ago (1 children)

You’re right. Thats why I like Matrix more than Signal now.

Also I’m not looking for a security method to escape from a specific target. It’s all curiosity about general security.

[–] jet@hackertalks.com 9 points 1 year ago (1 children)

matrix leaks metadata to the servers much worse then signal, just FYI. Hating how a team runs is different then then risk profile of the product.

Don't like emotions cloud your decision making

[–] iso@lemy.lol 1 points 1 year ago (1 children)

I'm not hating. I just like keeping my half encrypted data on my own server instead of fully encrypted on someone else's server.

[–] zwekihoyy@lemmy.ml 3 points 1 year ago

well, your own server and every other server you've ever connected to.

[–] LollerCorleone@kbin.social 11 points 1 year ago (2 children)
[–] skullgiver@popplesburger.hilciferous.nl 4 points 1 year ago* (last edited 11 months ago)

[This comment has been deleted by an automated system]

[–] QuazarOmega@lemy.lol 2 points 1 year ago (2 children)

I guess the phone number leak, I wouldn't really call it a fiasco though

[–] LollerCorleone@kbin.social 5 points 1 year ago

That was also a hack on Twilio. Signal itself wasn't compromised in any way if I am not wrong.

[–] iso@lemy.lol 2 points 1 year ago (1 children)

I said "fiasco" because they did not share the backend server repo for a while and did not make any statement about it. Maybe a little overreaction than it should be. But for an app that promises privacy, it's kinda annoying.

[–] QuazarOmega@lemy.lol 2 points 1 year ago

Oh that, yeah that was pretty bad tbh

[–] Chivera@lemmy.world 10 points 1 year ago (1 children)
[–] iso@lemy.lol 1 points 1 year ago* (last edited 1 year ago)

Sheesh, almost got you 😅

[–] possiblylinux127@lemmy.zip 9 points 1 year ago

Please don't do anything illegal...

[–] hottari@lemmy.ml 7 points 1 year ago

As long as you stay ^far^ ^far^ away from Javascript, you should be fine.

[–] ollie@lemmy.dbzer0.com 6 points 1 year ago

smart move to add that note, they nearly send out a swat team

[–] melroy@kbin.melroy.org 3 points 1 year ago (2 children)
[–] Steamymoomilk@sh.itjust.works 4 points 1 year ago (1 children)

Were the link go? I'm too spooked to click

[–] melroy@kbin.melroy.org 1 points 1 year ago (1 children)

The Curiosity of the human mind is the weakest link.

[–] iso@lemy.lol 2 points 1 year ago (2 children)

WDYM I just downloaded Tor Browser from there and its working as expected. But interestingly it was Chromium based.

[–] Celtic7670@feddit.de 1 points 1 year ago

It's a fake link.

[–] ghjsh8@lemy.lol 1 points 1 year ago (1 children)

Isn't Tor browser based on Firefox?

[–] Dsklnsadog@lemmy.dbzer0.com 1 points 1 year ago (2 children)

I'm intrigued. What is that link?

[–] melroy@kbin.melroy.org 0 points 1 year ago (1 children)

The Curiosity of the human mind is the weakest link.

[–] Dsklnsadog@lemmy.dbzer0.com 1 points 1 year ago (1 children)

Actually, that's what makes us better. Even if the price is death of one for knowledge of the whole race

[–] melroy@kbin.melroy.org 0 points 1 year ago* (last edited 1 year ago)

I fully agree with you ;) .. Although a lot of animals are curious as well. But I mean it's one of the weakest links in terms of security. The human is the weakest link.