How safe is TOR really?

So this is now getting derailed, but as a simple footnote:

I think the main issue being argued is merely that while you’re thinking about obfuscation @ThatGuyB because you’re focusing on the context of hiding within TOR traffic, what @level1 (and what I was commenting on earlier) was saying is that obscurity in a very direct sense does offer value in a security sense (can’t hack you, if they can’t find you) because the act of “obfuscation” is defined as “to make something obscure” (so while the two words are not the same, the way @level1 was using it is correct in this context) which kinda means you both are arguing over something you agree on.

This became more confusing because the language you were using earlier, Biky, implied that obscurity as a security measure has no value, but then you basically go on to describe the process of obscuring something as a security measure.

At the end of the day, security is a complex, multi-faceted thing and I think some communication was simply lost in the weeds here when @ThatGuyB was focusing more on technical details of actual implementation of security measures in regards to TOR and @level1 and I were just taking a jab at the high level “absolute statements suck because they propagate bad inherited wisdom”.

Edit:

I will admit it took me a couple of re-readings to parse out that you weren’t disagreeing with me, Biky, due to the dense nature of your response :slight_smile: but that’s not a bad thing.

Edit2:

Just to make sure we’re all on the same page :stuck_out_tongue_winking_eye:

Also, I think your definition of “obscure” is a bit too narrow @ThatGuyB; it’s commonly just used to describe something as “hard to find or hidden” which can easily translate to something like “bury the safe in an undisclosed location” or “hide within the crowd of pedestrians” (which granted, is the act of obfuscation technically, but the end result is to achieve some level of obscurity) and both of those have value, e.g., the former being the equivalent of keeping sensitive documents in a hidden personal safe and the latter describing what you were highlighting with TOR.

Hopefully that helped?

2 Likes

We already moved the discussion in chat, in order to not derail this further. I know we agreed on the underlying tactics, I even mentioned that, but we were fighting over definitions of terms (which is always fun /s).

Obscure and obfuscation are similar terms and are often used interchangeably, but they are not the same, that was the whole point.

Still, I think this topic should remain open for others to chime in, since we decided to take our polite discussion elsewhere, in order to keep the topic relevant.

2 Likes

It’s not. Look to your right, then your left. If you see an electronic device you’re being spied on. This is a healthy starting point for digital privacy.

I think one of the biggest flaws with TOR is that the majority of servers are run by governments.

3 Likes

That is a problem because normal sites HAAAAATE TOR which makes for a significantly lesser user experience. With fewer users, there will be fewer volunteers to run these normal nodes, forcing the government to run their own.

The government wants to own the exit nodes. It’s not so much that they’re forced. It’s in the interest of surveillance to run the exit nodes.

3 Likes

You shouldn’t be exiting the Tor network in the first place, exit nodes are a dumb concept. The problem is not that sites hate Tor, as in, not allowing Tor users to access their clearnet sites, the problem is that sites hate Tor, as in, not doing their own hidden services directly in onion land (i.e. doing a .onion domain version of their websites, preferably onion v3).

When even Facebook has an onion address, I say other websites should be ashamed for not following suit. But with that said, I don’t know if Facebook allows you to register from within the Tor network, just like ProtonMail redirects their registration page from .onion to their clearnet website.

2 Likes

onion address for facebook

LMAO, that’s hilarious.

Is there no sense of irony?

2 Likes

Is six node jumps really the intended use case? Because that’s what I see when I use the FB onion service. It seems excessively long.

Well you do have to log in to use their service. But it may be useful when you are in a place that doesn’t really allow FB.

1 Like

Yes, it’s funny that people actually log in to Facebook from within Tor, but still, if you could register anonymously to a website (that is not Facebook), I see no reason why you shouldn’t log in to a darknet website. Obviously don’t give them your details, but yeah, Facebook onion is a hilarious concept to begin with.

Yeah, probably they did Tor Facebook for dissidents from countries with less free (as in freedom) internet.

Not sure what would be the difference between a 3 node and a 6 node connection to Facebook onion, because you can’t really know how many nodes a user even goes through. On garlic land, you have 6 routers you go through in one direction / flow because that’s how the tunneling is set by default (3 outbound, 3 inbound) and different inbound and outbound tunnels. But obviously there’s no Facebook there (which I believe is a good thing).

I want to set up my own… using a botnet. I believe there is a way to remain 100% anonymous and secure, I’m just not smart enough to know what that is yet. If I have to learn everything and make the fucking thing I plan on it. Just for lols. Cause it is fun and interesting to learn this stuff after all. I’m no scientist, except what you could consider a “mad” scientist. lol hahahahaa oh yea. snap into a slimjim!

How can you even be sure it’s Facebook’s onion site and not a mirror made by collaborative intelligence agencies? (cough DARPA cough LIFELOG cough)

1 Like

There is. The NSA has known about it for decades:

  1. Place your computer in a room with at least 6-foot thick concrete on all sides.

  2. Shield the outside wall with copper plate. Charge it electrically.

  3. Make sure that all power to the room, including the copper plating, uses TEMPEST-qualified cabling (does not transmit or receive any EMF).

  4. Remove all removable media, USB ports, and other connectors.

  5. Place all system drives in removable trays. Store the trays in a locked safe when the computer is not in use.

  6. Unplug the Ethernet cable.

1 Like

^^ People think this is hyperbolic, but honestly it’s not.

The rabbit hole on privacy is never ending and you know what? My main takeaway was don’t overthink it.

I spent an entire month trying to switch from Chrome to Firefox on all my devices and dial in good privacy settings; I now use Chromium Edge with default settings.

I spent a good while hardening my Windows install; I now use the default settings.

I still use Cryptomator for making encrypted containers on OneDrive and still use a few other tools and browser extensions, but I no longer stress or worry about MSFT, Google, Apple stealing all my data. I narrowed my digital footprint to keep my data to Apple and MSFT as much as possible, but that’s just preference at the end of the day and lets me feel good about avoiding Google.

Honestly, as long as the average person follows basic data hygiene practices, they’re pretty much fine. Everything on top of that is extra and generally not needed.

1 Like

Because:

https://www.facebook.com/notes/2655797467977351/

But that is the onion v2 address, I don’t know if they have a v3 one (just don’t use Facebook).

Translation: I want to commit multiple counts of CFAA violations and related felonies.

1 Like

That was not what I was saying. And I am not sure why you would think running your own botnet would be illegal? I can see where I was hacking into other people’s machines to use them as a botnet, that would be illegal sure; that is not something I would do.

Or, you are implying that doing this would make you 100% anon and that is why it would be illegal. This is exactly what everyone should be doing.

Oh so, cause they said so. Right.

1 Like

I can say that I use TOR relays for daily browsing. Usually then also combined with a VPN.

Not giving my IP address or other “vital” information to the website hosts.

I also check if websites use HTTPS/2 or not.

If there are practices I am missing, like not to use Google, then it is either that I use that service or that I don’t know about the feature that gets “me killed”.