User Controls
Lanny, what the fuck is this?
-
2017-02-16 at 7:47 PM UTCTOR wouldn't help either, because no matter what route you use, anonymous or not, the endpoint is still your own box or device.
-
2017-02-17 at 6:20 PM UTC
-
2017-02-17 at 9:15 PM UTC
-
2017-02-17 at 9:28 PM UTC
-
2017-02-17 at 9:29 PM UTC
-
2017-02-17 at 9:36 PM UTCNo security is perfect. The best you can do is be ruthless in response. The bleeding hearts and soft spines, like zok, will tell you to just sit back and relax, and allow yourself to be hacked, just enjoy yourself and the intrusion attempts, but the admin who does best is the one who is heartless, cruel, decisive and therefore quite effective. Just tellin' it like it is, is all.
-
2017-02-17 at 11:08 PM UTC
Originally posted by -SpectraL No security is perfect. The best you can do is be ruthless in response. The bleeding hearts and soft spines, like zok, will tell you to just sit back and relax, and allow yourself to be hacked, just enjoy yourself and the intrusion attempts, but the admin who does best is the one who is heartless, cruel, decisive and therefore quite effective. Just tellin' it like it is, is all.
I'll kill you -
2017-02-17 at 11:12 PM UTC-SpectraL once estimated that the population of Earth is 12 Million people.
I wish I was joking but he knows it's true. -
2017-02-17 at 11:20 PM UTC
Originally posted by -SpectraL No security is perfect. The best you can do is be ruthless in response. The bleeding hearts and soft spines, like zok, will tell you to just sit back and relax, and allow yourself to be hacked, just enjoy yourself and the intrusion attempts, but the admin who does best is the one who is heartless, cruel, decisive and therefore quite effective. Just tellin' it like it is, is all.
That's the stupidest systems administration advice I've ever heard. Nigger, have you ever even put up a web service in your life?The following users say it would be alright if the author of this post didn't die in a fire! -
2017-02-18 at 12:37 AM UTC
Originally posted by benny vader so what should i use ?
Originally posted by Captain Falcon A VPN that doesn't keep logz
Use Tor. And recognize that some people *ahem ^^^^^^* will give intentionally bad advice.
Assume all VPNs keep logs. Tor nodes may or may not keep logs and may or may not be compromised. Since Tor entry node doesn't know what resources you request and Tor exit node doesn't know who is making the request it would require every node be compromised or you to fuck up in some other way in order to be traceable (or some more complex attack which they aren't going to burn for no reason).
-
2017-02-18 at 1:36 AM UTC
Originally posted by TreyGowdy Use Tor. And recognize that some people *ahem ^^^^^^* will give intentionally bad advice.
Assume all VPNs keep logs. Tor nodes may or may not keep logs and may or may not be compromised. Since Tor entry node doesn't know what resources you request and Tor exit node doesn't know who is making the request it would require every node be compromised or you to fuck up in some other way in order to be traceable (or some more complex attack which they aren't going to burn for no reason).
Tor is a well thought out, sound idea but at this point it's safe to assume that the best security it offers is noise; you aren't doing anything too important, so nobody is willing to put in the now-low (but slightly higher than if you weren't using anything) threshold of work necessary to fuck you up. However due to the nature of Tor, if someone *is* interested in you in particular then it's easy to target you with a correlation attack.
VPNs, even if you assume they keep logs, offer you better protection with regards to "noise", and also aren't nearly as susceptible to the correlation attacks that can target Tor users. -
2017-02-18 at 1:47 AM UTC
Originally posted by Captain Falcon Tor is a well thought out, sound idea but at this point it's safe to assume that the best security it offers is noise; you aren't doing anything too important, so nobody is willing to put in the now-low (but slightly higher than if you weren't using anything) threshold of work necessary to fuck you up. However due to the nature of Tor, if someone *is* interested in you in particular then it's easy to target you with a correlation attack.
VPNs, even if you assume they keep logs, offer you better protection with regards to "noise", and also aren't nearly as susceptible to the correlation attacks that can target Tor users.
Correlation attacks means that an adversary has to control a huge amount of nodes. That's just not going to happen unless your adversary is a nation-state. And yeah good protection a VPN, until your provider gets subpoenad, don't expect your VPN provider to go to jail for you because they won't. -
2017-02-18 at 2:31 AM UTC
Originally posted by Sophie Correlation attacks means that an adversary has to control a huge amount of nodes.
Not at all. Here's a simple example:
http://www.forbes.com/sites/runasandvik/2013/12/18/harvard-student-receives-f-for-tor-failure-while-sending-anonymous-bomb-threat/#7005930369f0
This was 100% a correlation attack and of course he would probably be fine if he wasn't a retard and used a bridge or something, or if he hadn't immediately confessed but I'm just giving a simple example.That's just not going to happen unless your adversary is a nation-state.
If you're planning to do something illegal enough to be hunted down, then that's exactly who your enemy is. If the NSA can create their insanely huge dragnet the way they already do, I honestly see no reason why they couldn't create several thousand nodes and control 90%+ of them.And yeah good protection a VPN, until your provider gets subpoenad, don't expect your VPN provider to go to jail for you because they won't.
This is why you pick a VPN service based outside of the jurisdiction of the country in which you are based, and who do not keep logs. And anyone who says VPN providers lie abou keeping logs is full of shit, because there is no reason to; they specifically do not for liability reasons, and AFAIK there are no laws in place practically anywhere that necessitate log keeping.
-
2017-02-18 at 2:37 AM UTCAnd a bigger problem than any of that is that Tor is great on paper but IRL, software can be muddy. Many times in the past, security vulnerabilities in Tor have been leveraged to assfuck many people (including shitbags who deserve it). The broad concept is great but the software is released and maintained by a list of john-doe style names that is essentially a black box (and unless you compile the released sources yourself, you are literally running absolutely unknown software anyway).
As I said, on paper, Tor is amazing. In reality, it's clearly the "free" solution to an expensive problem. For your day to day security, a VPN is a far superior solution. If you are going to nuke Afghanistan using super 1337 haxxing, then you're probably going to be better off war driving, to start. -
2017-02-18 at 10:52 PM UTCI changed my mind on this, the fix made image loading subject to UA CORS policy which is fucking up a lot of legitimate embedding. This is the user agent's responsibility to handle correctly. If you don't like the prompt you can install a browser that does the right thing with basic auth on cross origin images (like Chrome) or disable images (your browser probably supports this, also a user setting).
Also correlation attacks are an easy fix, put on a cap and some sun glasses and go to a starbucks or some shit. -
2017-02-18 at 10:57 PM UTCalso also I'm not sure being on tor in the general timeframe that a bomb threat is received will hold up as probable cause. The article didn't say anything about a warrant being issued and even if it is, unless the FBI can turn out evidence from a search (which the student has plenty of time to destroy now) it won't be enough for a conviction.
-
2017-02-18 at 11:20 PM UTC
Originally posted by Lanny I changed my mind on this, the fix made image loading subject to UA CORS policy which is fucking up a lot of legitimate embedding. This is the user agent's responsibility to handle correctly. If you don't like the prompt you can install a browser that does the right thing with basic auth on cross origin images (like Chrome) or disable images (your browser probably supports this, also a user setting).
Also correlation attacks are an easy fix, put on a cap and some sun glasses and go to a starbucks or some shit.
You could have just blacklisted Arnox' domain, kid. It's the only server causing an issue. -
2017-02-18 at 11:24 PM UTC
Originally posted by Lanny also also I'm not sure being on tor in the general timeframe that a bomb threat is received will hold up as probable cause. The article didn't say anything about a warrant being issued and even if it is, unless the FBI can turn out evidence from a search (which the student has plenty of time to destroy now) it won't be enough for a conviction.
As I said, in that particular case if the student hadn't immediately confessed he probably wouldn't face too much trouble. It's just one example of the type of shit people don't think about that can be used to nail you to a wall.
And again, if you want to do something that will attract government attention, the #1 thing you want to do is leave your own place of residence, fuck off and do your business from somewhere else.
But for day to day privacy, a VPN with up to date, normal software is the better solution by far. Tor is slow as shit, with god knows what vulnerabilities and backdoors, and it's theorized that the feds flag Tor users, so you're probably calling attention to yourself by the mere act of using Tor
http://www.digitaltrends.com/computing/nsa-labels-linux-tails-users-extremists/ -
2017-02-18 at 11:26 PM UTC
Originally posted by Captain Falcon As I said, in that particular case if the student hadn't immediately confessed he probably wouldn't face too much trouble. It's just one example of the type of shit people don't think about that can be used to nail you to a wall.
And again, if you want to do something that will attract government attention, the #1 thing you want to do is leave your own place of residence, fuck off and do your business from somewhere else.
But for day to day privacy, a VPN with up to date, normal software is the better solution by far. Tor is slow as shit, with god knows what vulnerabilities and backdoors, and it's theorized that the feds flag Tor users, so you're probably calling attention to yourself by the mere act of using Tor
http://www.digitaltrends.com/computing/nsa-labels-linux-tails-users-extremists/
Don't be such an alarmist, if TOR had backdoors the security community would have found out by now. TOR is open source bro. -
2017-02-19 at 12:53 AM UTC
Originally posted by Sophie Don't be such an alarmist, if TOR had backdoors the security community would have found out by now. TOR is open source bro.
Already addressed this. If you want to compile it yourself from the released sources then that's good. Nobody knows whats up with the binaries you download off their site. A lot of people recommend Tor as the ezpz anonymity and trust me, I would bet my houses on the fact that 99.999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999% of Tor's users don't compile from the source, they just download their executables and run it, and this leaves you with literally no idea of what's up.
I'd rather trust in VPN providers having their own self interest, which lines up with my self interest, and use software that has a lower chance of security risks for my day to day browsing.
Post last edited by Captain Falcon at 2017-02-19T01:06:03.195908+00:00
