I have heard from the guys that TOR is bad. Why is that and what are good replacements?
Getting a VPN or setting one up on a rented server.
This is a pretty big topic. But in terms of the "why" is it bad...
-TOR was made as an experiment. That is all. It wasn't intended to be a solution. One of the biggest problems can be summarized in saying that you, the user, has no idea who is in control of the nodes. In the TOR network, any nodes you hit in between your entrance and exit make little difference to your security if most traffic enters and exits locally. By locally I mean geographically similar in IP terms. The idea is if someone can see whats going in, and has control where you are exiting, the dots can be connected and you can be identified.
If you are interested in learning more I recommend this recent podcast.
starts are 1:54
It's susceptible to something called a Sybil attack, shown here. This is a fundamental flaw in P2P networks and can only really be mitigated rather than removed completely. In my opinion it is still a significant security tool if you can use it properly, e.g. making the first hop a specific server that you trust and using google to bounce your connection from to disguise traffic. It has some big flaws, but that doesn't make it useless, just harder to use properly for new users. VPN's don't solve these issues, they really just transfer trust to a private organization instead of a P2P network. Some VPN's are completely insecure and/or sell your data off anyway. I personally don't like transferring trust to a private organization that can profit from my information. If you want to be truly anonymous, it's a little more complicated involving semi-legal and outright illegal procedures. One of the semi-legal options you have is using something called a ProxyHam , shown here, this will effectively give you anonymity even when your connection is compromised. If you don't want internet access and just want a secure channel to communicate with I2P is amazing. You can even use it to host your email that's open to the public, effectively giving you an untraceable email address, mine is [email protected] for public email and [email protected] on the I2P network.
Logan is exaggerating the problems with TOR. And his backing for that claim is really fishy. There's evidence that the NSA can deanonymize some users some of the time, but that they can't choose which users to target.
Regarding the latest TOR vulnerability from Hacking Group that they talked about in the most recent The Tek: If they have sufficient access to insert a trusted root certificate on your machine, you're screwed whether or not you're using TOR since they control your machine.
Bottom line is that TOR is still secure, but that it can be circumvented in some cases. As with all other security tools, you just need to know what you're doing.
If you want to know more about TOR, there's several talks about it from this years Chaos Communication Congress (31C3). For example:
The State of the Onion
Tor: Hidden Services and Deanonymization
i just got an article on my facebook wall about HORNET, which aims to be a faster, more secure TOR