The rules in the US will be no different than they were before October last year. That's all that's really changed.
I use a VPN. It doesn't anonymize me, but it does make it more difficult for my core ISP to see what I'm up to. They can tell I have traffic coming and going, but they don't know what. They could probably guess, for instance on a torrent download, that I was downloading lots of data, but what that data is they don't know. They might speculate it's a video file, but they don't know for sure. For example, I just did a huge data dump from the US Department of Transportation that amounted to several gigabytes for a freelance project I'm working on. Completely legal to access in the clear, but it is enough to look like 2-3 full feature length movies on a data transfer.
I think at the end you only need to do minimal things, like purchase a VPN service for $100US per year. While they could theroetically still find you, the people who go after people like torrent downloaders are notoriously lazy. They will get the easy to nab people first (read: those not using VPN or TOR) and save the rest for later.
Look at it this way, it's a lot like being in a group of people getting chased by a bear... You only have to be faster than the slowest one to not get mauled by the bear.
Removal of Internet Privacy Restrictions
-
Losethem (imported)
- Articles: 0
- Posts: 3342
- Joined: Tue Dec 25, 2001 9:01 am
-
Posting Rank
Re: Removal of Internet Privacy Restrictions
Keep in mind that TOR was compromised some years ago, and isn't perfectly safe.
In fact, in the world of computers, someone had to have written the code, knows how it all works, and knows ways into and out of everything.
In fact, in the world of computers, someone had to have written the code, knows how it all works, and knows ways into and out of everything.
-
ka.dick. (imported)
- Articles: 0
- Posts: 52
- Joined: Wed Mar 31, 2010 1:27 pm
-
Posting Rank
Re: Removal of Internet Privacy Restrictions
The safety of TOR is constantly under debate. As far as I can tell, using only HTTP(S) over TOR should be secure enough, in the sense of anonymity. The attacks that have been made public take advantage of other applications and protocols, such as BitTorrent.
TOR is definitely vulnerable against malicious end nodes, in the sense that the end node is technically 'visitng' the web site and, in case of lack of SSL, can eavesdrop or inject malicious code. However, SSL on the server neutralizes that risk. Then, there is certain risk that the relay you're connected to knows your IP and knows you're using TOR, but that's it.
Even if the end node and your final relay are on the same computer or are part of the same malicious network, due to packet distribution and layers of obfuscation they can't pinpoint which end connection is the one you're visiting and what you're doing there. So for now TOR can be considered anonymous I think. (I guess some advanced AI could do a good guess of which end packets are yours and thus identify you but I don't know if this has been accomplished or is even possible with current technology. And again SSL on the end server would eliminate the risk of eavesdropping.)
VPN on the other hand, has a single point of failure. You're subscribed to a service which knows both who you are and which sites you're visiting. It only needs a court order for the VPN provider to reveal that information or a curious admin to have a look. So VPN is more like a worst-case TOR scenario.
I mean think about it. You can make your own VPN tunnel, say for connecting from your mobile device in case you're on insecure wi-fi. Set up your home router to provide VPN and you have a secure tunnel between your mobile device and your router. But the router both connects to the internet as well as to your mobile device. The only difference with a 3rd party VPN is that it's someone else's router.
Regarding the code, TOR is open source so anyone can look into it and "know how it works". And you can be sure that high-profile projects aimed at security are under constant investigation from programmers for all kinds of reasons. If it's build well enough, it can be safe until a vulnerability is discovered.
Again, having HTTPS on the server would help. Any chance EA will get that? (Yes, I know it's not a matter of 5 minutes. I'm not attacking, just asking.)
TOR is definitely vulnerable against malicious end nodes, in the sense that the end node is technically 'visitng' the web site and, in case of lack of SSL, can eavesdrop or inject malicious code. However, SSL on the server neutralizes that risk. Then, there is certain risk that the relay you're connected to knows your IP and knows you're using TOR, but that's it.
Even if the end node and your final relay are on the same computer or are part of the same malicious network, due to packet distribution and layers of obfuscation they can't pinpoint which end connection is the one you're visiting and what you're doing there. So for now TOR can be considered anonymous I think. (I guess some advanced AI could do a good guess of which end packets are yours and thus identify you but I don't know if this has been accomplished or is even possible with current technology. And again SSL on the end server would eliminate the risk of eavesdropping.)
VPN on the other hand, has a single point of failure. You're subscribed to a service which knows both who you are and which sites you're visiting. It only needs a court order for the VPN provider to reveal that information or a curious admin to have a look. So VPN is more like a worst-case TOR scenario.
I mean think about it. You can make your own VPN tunnel, say for connecting from your mobile device in case you're on insecure wi-fi. Set up your home router to provide VPN and you have a secure tunnel between your mobile device and your router. But the router both connects to the internet as well as to your mobile device. The only difference with a 3rd party VPN is that it's someone else's router.
Regarding the code, TOR is open source so anyone can look into it and "know how it works". And you can be sure that high-profile projects aimed at security are under constant investigation from programmers for all kinds of reasons. If it's build well enough, it can be safe until a vulnerability is discovered.
Again, having HTTPS on the server would help. Any chance EA will get that? (Yes, I know it's not a matter of 5 minutes. I'm not attacking, just asking.)
-
fhunter
- Site Admin
- Articles: 0
- Posts: 1634
- Joined: Wed Nov 27, 2024 9:57 am
- Location: Serbia
- Has thanked: 57 times
- Been thanked: 18 times
-
Posting Rank
Re: Removal of Internet Privacy Restrictions
KA.dick. (imported) wrote: Mon Apr 10, 2017 4:41 am Again, having HTTPS on the server would help. Any chance EA will get that? (Yes, I know it's not a matter of 5 minutes. I'm not attacking, just asking.)
Not 5 minutes, but no longer than an hour or two. (I know that startssl is no longer well trusted, but there are other free sources of ssl certificate).
-
Losethem (imported)
- Articles: 0
- Posts: 3342
- Joined: Tue Dec 25, 2001 9:01 am
-
Posting Rank
Re: Removal of Internet Privacy Restrictions
I wish I knew how to implement Https: on my site. I'm but an amateur, and it's the reason for payments that I use a 3rd party service and it takes 24 hours to turn on access to premium content there. At least a human is involved and complicating the process a bit. Helps make it more secure, in my opinion.