So when I first learned about TOR almost 10 years ago in uni, it was said to be compromised to a significant extent by secret services holding entry and exit nodes.
Iirc holding both the entry and exit of a routed connection, you can in theory match traffic going through, which would let you connect a user to the server/site they are connecting to. It might still be encrypted at that point, idk the details anymore.
I also heared that bit about the secret service owning nodes a few years ago. It was trough a teacher that’s also really in the stuff outside of teaching, and has a network of non-teaching proffesionals in the field.
It’s something to keep in mind, at the very least. Tor already has some weaknesses anyways. You shouldn’t trust it blindly just because it’s Tor. If anything, I think it more has a false rep for how strong it is over struggling with a stigma.
I don’t think a single credible source has shown this to be a vulnerability. You’re talking about an attack that would cost, what, millions of dollars to run per day?
So when I first learned about TOR almost 10 years ago in uni, it was said to be compromised to a significant extent by secret services holding entry and exit nodes.
Is that not true anymore?
Try i2p
Compare and use the right service for your needs: https://geti2p.net/en/comparison/tor
Interesting, ty
Aren’t bridges meant to prevent that?
Iirc holding both the entry and exit of a routed connection, you can in theory match traffic going through, which would let you connect a user to the server/site they are connecting to. It might still be encrypted at that point, idk the details anymore.
No, bridges are meant to bypass censorship
I also heared that bit about the secret service owning nodes a few years ago. It was trough a teacher that’s also really in the stuff outside of teaching, and has a network of non-teaching proffesionals in the field.
It’s something to keep in mind, at the very least. Tor already has some weaknesses anyways. You shouldn’t trust it blindly just because it’s Tor. If anything, I think it more has a false rep for how strong it is over struggling with a stigma.
It was pretty much the same context for me, yeah.
Opsec always applies
Most of the nodes are hosted by Tor Foundation itself
[citation needed]
Is there any way to check that?
Yup. You can check a lot of stat about a node on tor website. https://metrics.torproject.org/
If true, I’m not happy about that. I want lots of different owners so it’s harder to compromise the network by compromising a single entity.
I don’t think a single credible source has shown this to be a vulnerability. You’re talking about an attack that would cost, what, millions of dollars to run per day?
Dunno if it’s all that expensive when there are hundreds of nodes on several individual malicious networks confirmed https://nusenu.medium.com/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
You’d need much more than hundreds of nodes.
The graph tracks exit probability and the article speaks about the matter, especially what you’re referencing. Check it out.