this post was submitted on 29 Feb 2024
6 points (75.0% liked)

Unofficial Tor Community

163 readers
1 users here now

Link to tor project (they made the icon I grabbed, and tor itself of course): https://www.torproject.org/

This is a community to discuss the tor project and your experience with tor, tor browser, etc.

Rules are generally: be nice, don't be bigoted, etc.

Only seems fair that an infosec instance should have a community about one of the most well known anonymity tools :)

founded 1 year ago
MODERATORS
 

I simply make a GDPR request. Write to a Tor-hostile data controller making an Article 15 request for a copy of all your data. Also ask for a list of all entities your data is shared with.

The idea is that if a website blocks Tor (or worse, uses Cloudflare to also share all traffic with a privacy offender), then they don’t give a shit about privacy. So you punish them with some busy work and that busy work might lead to interesting discoveries about data abuses.

Of course this only works in the EU and also only works with entities that have collected your personal data non-anonymously.

top 2 comments
sorted by: hot top controversial new old
[–] jet@hackertalks.com 3 points 8 months ago (1 children)

I'm not sure how this is going to encourage any company to adopt tor

[–] coffeeClean@infosec.pub 4 points 8 months ago* (last edited 8 months ago)

Tor-hostility is an act of laziness. An admin decides they cannot be bothered to separate their publications from their contact page, or to just CAPTCHA the contact form. So they take the easy path and simply 403 all Tor users or they offload the effort onto others by proxying via Cloudflare.

Thus it’s in the interest of the Tor community to make the lazy option a path of greater resistance.

There’s also a cost apart from time. I just got a response to a GDPR request by registered letter. So the privacy-disrespecting data controller spent ~€10 in postal costs on their response.