I used Tor for surveillance. But an appropriate kind, IMHO.
I used Tor as a small part of one of the capabilities of a supply chain integrity startup. I built a fancy scraper/crawler to discreetly monitor a major international marketplace (mainstream, not darknet), including selecting appropriate Tor exit nodes for each regional site, to try to ensure that we were seeing the same site content that people from those regions were seeing.
Tor somehow worked perfectly for those needs. So my only big concern was making sure everyone in the startup knew not to go bragging about this unusually good data we had. Since we were one C&D letter away from not being able to get the data at all.
(Unfortunately, this had to be a little adversarial with the marketplace, not done as a data-sharing partnership, since the marketplace benefited from a cut of all the counterfeit and graymarket sales that we were trying to fight. But I made sure the scraper was gentle yet effective, both to not be a jerk, and also to not attract attention.)
(I can talk about it now, since the startup ran out of runway during Covid investor skittishness.)
RGamma · 4h ago
> selecting appropriate Tor exit nodes for each regional site
So, a proxy? Onion routing doesn't really play a role for this use case.
neilv · 4h ago
> So, a proxy? Onion routing doesn't really play a role for this use case.
The onion routing obscured our identity from the "proxy" exit nodes.
Separately, Tor was also a convenient way to get a lot of arbitrary country-specific "proxies", without dealing with the sometimes sketchy businesses that are behind residential IP proxies.
(Counterfeiting/graymarket operations can be organized crime. I'd rather just fire up Tor, and trust math a little, than to try to vet the legitimacy and intentions of a residential IP broker.)
wslh · 2h ago
The Tor exit nodes are public.
qualeed · 2h ago
They were concerned about the exit node identifying them, not the site identifying that a Tor exit node is connecting.
sidewndr46 · 3h ago
Why would you need to obscure your identity from the exit nodes?
qualeed · 3h ago
So that the exit node can't go to the site they were scraping and say "this is the person scraping your site".
radicaldreamer · 1h ago
But you'd have relays in between, there's no way an exit node would know who is scraping...
qualeed · 1h ago
Right, but the question was "why would you need to obscure your identity from the exit nodes", in the context of why the person chose Tor vs. a simple proxy.
trod1234 · 4h ago
Honestly what he describes sounds like Raptor (Princeton Report, 2015)
neilv · 2h ago
How is this related to Princeton's Raptor, other than having the keywords "Tor" and "surveillance"?
(Strange coincidence: We also had different key tech with the codename of Raptor, but it had nothing to do with Tor nor Web scraping. It was for discreet smartphone-based field auditing of physical product, in global physical retail and other locations. The codename was the result of a great morale-boosting impromptu brainstorming session between engineering and marketing people ("can you help think of a cool codename for this..."), and the resulting name highly apt, at least for the movie velociraptors. I built it, and, until Covid disrupted our F500 customers and investors, I was looking forward to hiring engineers to do further work on something cool-sounding like "Raptor", rather than "internal-app" or whatever first came to mind when creating the Git repo. :)
trod1234 · 46m ago
The major attack of concern described in the paper is the transparent early terminated encryption attack, and root trust signing that fall under effectively the same centralized hands at the AS level.
Where an AS level entity MITMs all outbound connections from a region in automated fashion for collection, before that traffic ever makes it to TOR or its destination.
It works for TOR, TLS, pretty much any protocol out there where key exchange or trust occurs; so long as the protocol is known and has distinct classifiable characteristics allowing computation to automatically do this.
There have been instances where public certs issued by a CA with the same domain names, but are issued from a root CA that is other than the legitimate site's root CA which are used for attacks. CT logs don't stop this either.
There is a lot of ephemeral content, and private information that can be both collected, and injected on a targeted basis if one has access to such junctions which the industry (Telecom) has proven time and again that they can't secure following basic practice; largely because mandates to backwards compatibility at the regulatory level.
Social credit, where invisible factors people don't control force those same people into poverty through targeted denial of service (communications for job hunting/social contacts), zersetzung, etc; that all would be a breeze to set up without any external indicator, or remedy using that attack.
What the target sees vs what everyone else sees would be quite different, and of course there would be people that gaslight and torture on top of it all (as a natural psychological defense mechanism of denial).
Compromised communications under such type of attacks are madness inducing.
RobRivera · 2h ago
HEH
I'm letting my imagination fill in the color on the specifics here and I'm working up a little grin.
A hat tip to you
cedws · 4h ago
What was the scraper gathering specifically?
neilv · 4h ago
Listings of items for sale (for ~100 brands), and how that changed over time. With the marketplace having a pretty rich schema to reconstruct from their server-side rendering.
One of the purposes was cold sales outreaches to an exec at a brand, maybe something like, "Here's a report about graymarket/counterfeit of your brand online, using data you probably haven't seen before; we have a solution we'd like to tell you about".
woadwarrior01 · 4h ago
If I could wager a guess, it sounds like the startup was in the business of scraping Amazon.
neilv · 4h ago
No. And when people share info on HN, I don't like to see speculation in the comments about things they obviously intentionally didn't say (assuming that they seem to be speaking in good faith). That person, and other people who see the dynamic, presumably are less likely to share in the future.
ribosometronome · 3h ago
I feel there is a level of irony in you being bothered about people interacting with content you've shared in a way you don't like when said content is a story about you interacting with other's content in a way they've explicitly put up barriers to try and stop you from doing that.
neilv · 2h ago
Who said the site put up barriers?
I think you have a valid general question (and you'll note I said "appropriate kind, IMHO" at the top of the original comment, acknowledging others might disagree that it was appropriate), but I'd like to contrast two distinct situations:
* A collegial forum, where people might go to share information, sometimes with discretion about what can and can't be said (or just comfort levels).
* A large corporation that was profiting off of illegal businesses (e.g., contract-violating, IP-violating, defrauding buyers, possibly fencing), and we wanted to gather evidence of that on behalf of some of the harmed parties, to try to stop it. And we did that in a technologically gentle, non-disruptive way. And (as I mentioned in the original comment) we had a conscious policy to immediately cease if we were ever told to.
keysdev · 4h ago
Thank you for pointing that out. Really appreciate you sharing.
To the parent, please do not try to lure info out of people it is just not cool online or in real life when people obviously are being generic for a reason.
amarcheschi · 2h ago
Did you know if you violated any ToS with your software? If yes, why did you feel compelled to continue?
neilv · 1h ago
No.
amarcheschi · 1h ago
Ok, with the phrasing used it looked much more sus than it is then :)
vhcr · 2h ago
You won't be able to scrape Amazon using Tor.
daft_pink · 1h ago
I think they publicized it so they could obscurely use it for military purposes. The users are easy to spot if they are all military users. Get tons and tons of regular users to use it and you obscure who is trying to hide.
esseph · 12m ago
This is exactly it from what I have heard. I have heard this from a large number of trustworthy sources over the years.
It's a really good book! I was on the very edges of this scene for a chunk of the time described, and I thought it managed to catch a lot of the complexities without picking one possible narrative over another.
Plus I learned a lot -- it came out of some academic research that pursued a unique angle: finding and talking to the Tor exit node operators about their experiences, rather than just say the developers, the executives, or the funders.
Thanks for that. Is it available as epub? I would like to read it on Kindle.
ricardo81 · 5h ago
I'd never used Tor, though had to scrape a bunch of things that required different IPs. I figured their endpoints were already tarred.
With the porn block in the UK though, the "New Private Window with Tor" in Brave is very convenient.
Maybe not for long, or maybe not. I guess websites don't need to comply beyond a certain point.
There are tons of "residential proxy" and whatnot type services available, IP being a source of truth doesn't seem to matter much in 2025. The Perplexity 'bot' recent topic being an example of that.
Basically if you want to access any resource on the web for a dollar a GB or so you can use millions of IPs.
freedomben · 4h ago
Indeed, I've investigated some cyber attacks recently that came from residential IPs in California and NY, though investigation turned up the real origins as coming from India. It's pretty easy to pull off nowadays
deadbabe · 1h ago
Any tutorial?
trod1234 · 4h ago
The problem with most infrastructure is that there's a big gap in security where it centralizes, and its transparent.
To understand how, you should review the Princeton Report's Raptor attack, and understand how it works (2015).
lenerdenator · 6h ago
I've never felt like I knew how to use Tor correctly, or trusted anyone to be able to guide me on that.
abdullahkhalids · 4h ago
Simply download the Tor Browser [1], which is simply a hardened version of Firefox that connects to the Tor network.
Don't install addons in this browser. Don't resize the browser window. All tor browsers instances have the same default window size, which prevents websites from tracking you. Obviously don't login into websites with your regular email or provide websites with your PII.
If you are in a country or on a network that blocks the basic Tor network, the FAQ explains how to get around this by using Tor bridges or other techniques [2].
Also don't use non-HTTPS websites while using Tor, and avoid downloading things on hidden services. Using a clearnet website's hidden service is better than the https version if available (duckduckgo and reddit offer both, for example), too, although only marginally so
qualeed · 1h ago
There's a ton of little things like this (e.g. you also should consider not using bookmarks, or at least avoiding obscure ones).
This mitigation helps protect the individual Tor user (e.g. with a unique 1726x907 px window) being fingerprinted across multiple sessions / sites.
Scoundreller · 2h ago
While not perfect, I thought tor rounded reported resolution to a small set of values
abdullahkhalids · 1h ago
You are correct. I was going off my memory. They say [1]
> To prevent fingerprinting based on screen dimensions, Tor Browser starts with a content window rounded to a multiple of 200px x 100px. The strategy here is to put all users in a couple of buckets to make it harder to single them out.
Moreover, even if you resize your window, the browser tries to protect you
> by adding margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.
They removed OS spoofing just recently, and there isn't a mitigation for Raptor, some think meek might help with Raptor, but its very much up in the air.
I haven't kept up with the space much since then, so am unaware if there is more recent work.
In any case, there are valid threat models where you want to mitigate website fingerprinting but aren't necessarily concerned with AS-level adversaries.
trod1234 · 58m ago
I've seen that, but I didn't see much of a mitigation, though I'll go back and recheck just to be sure, I was pressed for time last time I look at that.
In fairness, most of big tech are AS-level adversaries at this point.
Active attack through BGP-hijacking may be partially mitigated, but this isn't really needed for the most pernicious attacks which are interception/injection from a regional entity that's routing to the broader internet (outbound connections).
The same entities can do early transparent encryption termination for outbound connections (to the general web) since they have their own private signing keys tied to root trust CAs (just not the one the valid cert was issued to), and that lets them collect a treasure trove of forensic artifacts to improve their citizen dossier for advertisers/highest-bidder, or inject content that is ephemeral in nature.
bauruine · 4h ago
The list of Tor nodes is public so it's trivial to detect a user is using Tor you just have to check the IP.
keysdev · 4h ago
Or a computer of that window size, and there a lot browsers that dont support js.
sorenjan · 3h ago
Is window size visible to web sites when java script is turned off? It's off by default in Tor browser.
qualeed · 3h ago
It's on by default in Tor browser.
You have to explicitly switch to "Safest" mode to turn it off completely.
>Why does Tor Browser ship with JavaScript enabled?
We configure NoScript to allow JavaScript by default in Tor Browser because many websites will not work with JavaScript disabled. Most users would give up on Tor entirely if we disabled JavaScript by default because it would cause so many problems for them. Ultimately, we want to make Tor Browser as secure as possible while also making it usable for the majority of people, so for now, that means leaving JavaScript enabled by default.
Yes, CSS and <picture> etc. can load different resources based on viewport size. Then there are side channels like lazy loading, layout + what you interact with.
For a guide that goes into so much detail (as far as suggesting enterprise-grade drives, recommended RAID configurations, etc.), not even a passing mention of Tails or Qubes-Whonix is a really interesting choice (read: discouraging omission)!
sherr · 5h ago
I sympathise with a bit of paranoia about this. Personally, I'd use a platform like "Tails" (do your own research) which wraps Tor up in a USB bootable Linux OS.
The generally recommended way is to download Tails to a USB thumb drive and boot off of that. This is safer than just using the TOR browser and if something does attack your system none of your actual data is on the OS.
i wish they were also a lifeline for censorship too, tor is effectively non functional in many countries :(
markasoftware · 2h ago
tor tries very hard to bypass censorship. Have you tried the numerous Tor bridges, or the new Snowflake p2p bridge?
taminka · 1h ago
yeah none of them work in russia, only thing that works is xray vpn
NoSalt · 4h ago
Especially as the internet, itself, started as a military project. [DARPA]
jmclnx · 5h ago
I ran a bridge until recently, but the server died a heat death after I moved to another apartment :(
I have not yet had time to find a suitable replacement machine. But running a bridge is a cheap, safe low network volume method people can help out from home. I had it going to help people in 'bad' countries to get out to the rest of the world.
A lifetime ago, I ran bridges from RAM only distros. But early versions of the Dan list (1st in wide use) killed that.
DL didn't try hard to differentiate between bridge IPs and exit IPs. Server hosts just grabbed the first list they saw and blocked with it.
It was years before the notion of Exit != Bridge became understood but everyone had moved on. We're at the entropic 'No One Cares Anymore' phase now.
costco · 41m ago
Were you running specifically a bridge or just a non exit relay? Bridges are generally unlisted and are somewhat expensive to mass scrape (the bridge distributors will require captcha or email or Telegram etc) so they are less likely to show up in those lists. Whereas all relays are listed in the consensus and can be trivially enumerated.
zwnow · 6h ago
Isn't Tor dead? Wasn't it infiltrated long ago?
markasoftware · 2h ago
It depends on your threat model. Tor is focused on hiding from small-scale passive adversaries (eg, you're in Iran and don't want the Iranian government to see what you're doing. Or your ISP. Or any single node operator). Even the original Tor paper makes it clear that Tor isn't secure against a "global passive adversary" that can observe a large portion of global internet traffic, like the five eyes likely can today.
If you want to avoid global passive adversaries, a mixnet like Nym can work. I'm also working on a related project which takes a different approach of building your own circuit of proxy servers manually with lots of traffic padding: https://github.com/markasoftware/i405-tunnel
zwnow · 2h ago
I just use it to get books for free so idk about all the state regulation stuff.
bevr1337 · 5h ago
It's been assumed that three-letter agencies operate many exit nodes for a hot minute. I don't know if this is a special case of infiltration because it's TOR SOP.
HDThoreaun · 2h ago
This isnt necessarily malicious. As the OP states TOR only works if a lot of people use it for regular browsing. The government wants it to work for the covert stuff so they need buy in from regulars and improving the service is how to do that.
impossiblefork · 5h ago
I personally can't see how it can be secure without dummy messages.
8organicbits · 5h ago
What makes you believe that?
zwnow · 5h ago
Read some story about some authority having set up tons of servers within the tor network to bust some criminal activity effectively making it not anonymous anymore. Was a while back on HN
thewebguyd · 5h ago
The feds and other equivalent agencies in other countries have been running exit nodes for years, but its still better than most solutions even if not perfect. Anyone who has gotten caught though likely wasn't because of any flaws in Tor (or said exit nodes) but because of other lapses in OpSec.
That being said, yes, feds can de-anonymize traffic, probably reliably at this point. There are only about 7-8000 active nodes, most in data centers. The less nodes you hop through, the more likely that traffic can be traced back to the entry point (guard node), and combined with timing can be reasonably traced back to the user. Tor works best with many, many nodes, and a minimum of three. There's not as many nodes as there needs to be so quite often it's only 3 you are going through (guard node/entry point, middle node, exit node)
Plus browsing habits can also be revealing. Just because someone is using Tor doesn't mean they also have disabled javascript, blocked cookies, aren't logging into accounts, etc.
I can't find a link, but I think people have done simulations and the privacy benefits of more hops are not as great as one might think. If you control the guard and exit, then traffic confirmation is relatively easy by just looking at timing and volume of traffic no matter how many hops are in between.
bombcar · 5h ago
> Anyone who has gotten caught though likely wasn't because of any flaws in Tor (or said exit nodes) but because of other lapses in OpSec.
There have been some cases where some consider the "other lapses in OpSec" to be parallel construction to disguise a Tor vulnerability/breach, and others where the government has declined to prosecute because they'd have to reveal how they know.
If Tor were compromised, we'd likely not know. It's highly likely that it's fine for "normal people" things.
ls612 · 4h ago
At least back in the Snowden days it was very unreliable for the US to deanonymize Tor traffic based on those documents.
lenerdenator · 4h ago
That was over a decade ago. They've almost certainly progressed since.
... now my back hurts and I want the damn kids off my lawn.
ls612 · 4h ago
I mean if anything it’s harder today in many ways for the government than it was during the Snowden days, because that prompted tech people to take internet security seriously. Look at the cost trends for 0days over the past ten years.
openasocket · 5h ago
Does controlling exit nodes necessarily help with deanonimizing? You would need control of the internal nodes for classic de-anonymization, or monitoring of both the exit nodes and the originating network for timing attacks. Also, exit nodes aren’t involved in hidden services. That 7-8000 figure you quoted: is that just exit nodes, or all nodes? My understanding was there aren’t a ton of exit nodes because anyone operating an exit node is liable to get harassed by people impacted by any malicious traffic originating from Tor. But that isn’t really an issue for internal nodes, and so there are more of them
thewebguyd · 4h ago
Controlling an exit node alone doesn't help, but controlling both entry and exit nodes does.
Looks like about 8,000 relays, inclusive of entry and exit nodes. Looks like about 2,500 exit nodes, and ~5,000 guard nodes. With that few I'd say it's reasonable to assume that a large number of both entry and exit are controlled by government agencies, at least enough to reliable to conduct timing attacks against a specific target they are interested in.
gausswho · 4h ago
Am also interested in the current understanding of culpability in the US for operating an exit node.
thewebguyd · 4h ago
> Am also interested in the current understanding of culpability in the US for operating an exit node.
It's a little ambiguous.
Section 230 (which continues to be under attack) provides some legal immunity, along with the DMCA is a safe harbor against copyright infringement claims for the Tor relay operator. Running a middle relay is generally fine and safe.
But, running an exit relay is risky. Even if you can't be held legally liable for the traffic coming from the exit, you could still get raided, and it has happened before where exit node operators have been raided after the traffic coming out of it was attributed to the node owner.
That being said, it's legal to run an exit node (for now). The problem is more so dealing with the inevitable law enforcement subpoenas or seizures, and having the money and resources to prove you are innocent.
The article talks about a user who was using very old software, which seems like a pretty straightforward mistake. There's a bunch of speculation in the comments about other things, but I don't really see sources cited, so it's hard to tell what informs those opinions.
chews · 5h ago
It was always that way, Ross Ulbrect was connected to his dark website by tracing via exit nodes.
Tor was always a government tool.
thewebguyd · 4h ago
> Ross Ulbrect was connected to his dark website by tracing via exit nodes
Ulbricht wasn't caught because of flaws in Tor, but he made other mistakes. He posted stuff on LinkedIn alluding to his activities, he used a real photo on his fake IDs to rent servers, he used his real name, posting a question on stack over flow about running a Tor service, he posted his personal gmail, looked for couriers on Google+, and lastly paid an undercover cop for a hit.
As for getting his location, once the feds gained acccess to silk road, they matched up activity logs, his posting habits were consistent with being in the pacific time zone, and they matched up his user name between his posts on silk road as altoid and he reused the same screenname, associated with his gmail address and full name, on other websites.
A series of stupid opsec mistakes got him caught, not Tor.
lenerdenator · 4h ago
All of this should serve as a reminder that if .gov really, really wants you, they've got you.
Unless, of course, they want everybody, which even they don't have the resources to handle.
mburns · 2h ago
It should (also) serve as a reminder that OpSec is important.
throwaway290 · 1h ago
Maybe a reminder to also not sell heavy drugs to children or to order murder for hire?
cluckindan · 18m ago
When did he sell heavy drugs to children?
When did he sell drugs?
Ray20 · 5h ago
The observable world around us.
In a world where Tor is not a honeypot of some three letter agency, there are implementations of projects like Jim Bell's Assassination Politics. In a world where Tor is not a honeypot its use would be banned, much like the use of Tornado Cash was banned and shut down until the secret services took control of it.
And we obviously don't live in such world.
8organicbits · 5h ago
> its use would be banned
There are many places in the world where direct access to Tor is blocked. There are many countries where use of a VPN is illegal, VPNs are required to log by law, etc. I disagree with this premise.
Probably because those governments don’t control the honeypot.
trod1234 · 3h ago
Those countries seek destructive control of all within its sphere of influence.
There are generally two types of countries, those that seek agency, independence, and freedom of rational thought and action; which requires privacy, and there are those that seek ultimate control, imposing dependence, coercion and corruption of reason; from the top down.
The cultures that seek total control generally fall under totalism and are parasitic in nature. The ones that seek agency, freedom, and independence, Protean.
yieldcrv · 5h ago
Its not a binary thing, Tor updates all the time
Many comments talk about exit nodes for surveillance, but there is a totally different vector of use and considerations that dint apply when you aren't trying to access clearnet
And even on darknet it depends on what you’re doing
Reading the NY Times’ darknet site or forum or even nuet browsing darknet markerplace from Tor Browser, whereas I would use a Tor OS like Tails or dual gated VM like Whonix for doing something illicit
ezbie · 2h ago
"A lifeline for privacy" reads more like a "hub for pedophilia and other gross, unspeakable crimes".
Just use a VPN for fuck's sake.
mvieira38 · 1h ago
VPNs just shift trust from the service provider to the VPN provider, and I don't have much reason to do so for most of my uses. NordVPN or Surfshark are way scummier than a harmless blog or HN, for example, and have more financial and legal incentives to track me
fsckboy · 3h ago
>Tor: How a military project became a lifeline for privacy
Arpanet: How a military project gutted personal privacy, destabilized self esteem and strangled attention spans
I used Tor as a small part of one of the capabilities of a supply chain integrity startup. I built a fancy scraper/crawler to discreetly monitor a major international marketplace (mainstream, not darknet), including selecting appropriate Tor exit nodes for each regional site, to try to ensure that we were seeing the same site content that people from those regions were seeing.
Tor somehow worked perfectly for those needs. So my only big concern was making sure everyone in the startup knew not to go bragging about this unusually good data we had. Since we were one C&D letter away from not being able to get the data at all.
(Unfortunately, this had to be a little adversarial with the marketplace, not done as a data-sharing partnership, since the marketplace benefited from a cut of all the counterfeit and graymarket sales that we were trying to fight. But I made sure the scraper was gentle yet effective, both to not be a jerk, and also to not attract attention.)
(I can talk about it now, since the startup ran out of runway during Covid investor skittishness.)
So, a proxy? Onion routing doesn't really play a role for this use case.
The onion routing obscured our identity from the "proxy" exit nodes.
Separately, Tor was also a convenient way to get a lot of arbitrary country-specific "proxies", without dealing with the sometimes sketchy businesses that are behind residential IP proxies.
(Counterfeiting/graymarket operations can be organized crime. I'd rather just fire up Tor, and trust math a little, than to try to vet the legitimacy and intentions of a residential IP broker.)
https://www.princeton.edu/~pmittal/publications/raptor-USENI...
(Strange coincidence: We also had different key tech with the codename of Raptor, but it had nothing to do with Tor nor Web scraping. It was for discreet smartphone-based field auditing of physical product, in global physical retail and other locations. The codename was the result of a great morale-boosting impromptu brainstorming session between engineering and marketing people ("can you help think of a cool codename for this..."), and the resulting name highly apt, at least for the movie velociraptors. I built it, and, until Covid disrupted our F500 customers and investors, I was looking forward to hiring engineers to do further work on something cool-sounding like "Raptor", rather than "internal-app" or whatever first came to mind when creating the Git repo. :)
Where an AS level entity MITMs all outbound connections from a region in automated fashion for collection, before that traffic ever makes it to TOR or its destination.
It works for TOR, TLS, pretty much any protocol out there where key exchange or trust occurs; so long as the protocol is known and has distinct classifiable characteristics allowing computation to automatically do this.
There have been instances where public certs issued by a CA with the same domain names, but are issued from a root CA that is other than the legitimate site's root CA which are used for attacks. CT logs don't stop this either.
There is a lot of ephemeral content, and private information that can be both collected, and injected on a targeted basis if one has access to such junctions which the industry (Telecom) has proven time and again that they can't secure following basic practice; largely because mandates to backwards compatibility at the regulatory level.
Social credit, where invisible factors people don't control force those same people into poverty through targeted denial of service (communications for job hunting/social contacts), zersetzung, etc; that all would be a breeze to set up without any external indicator, or remedy using that attack.
What the target sees vs what everyone else sees would be quite different, and of course there would be people that gaslight and torture on top of it all (as a natural psychological defense mechanism of denial).
Compromised communications under such type of attacks are madness inducing.
I'm letting my imagination fill in the color on the specifics here and I'm working up a little grin.
A hat tip to you
One of the purposes was cold sales outreaches to an exec at a brand, maybe something like, "Here's a report about graymarket/counterfeit of your brand online, using data you probably haven't seen before; we have a solution we'd like to tell you about".
I think you have a valid general question (and you'll note I said "appropriate kind, IMHO" at the top of the original comment, acknowledging others might disagree that it was appropriate), but I'd like to contrast two distinct situations:
* A collegial forum, where people might go to share information, sometimes with discretion about what can and can't be said (or just comfort levels).
* A large corporation that was profiting off of illegal businesses (e.g., contract-violating, IP-violating, defrauding buyers, possibly fencing), and we wanted to gather evidence of that on behalf of some of the harmed parties, to try to stop it. And we did that in a technologically gentle, non-disruptive way. And (as I mentioned in the original comment) we had a conscious policy to immediately cease if we were ever told to.
To the parent, please do not try to lure info out of people it is just not cool online or in real life when people obviously are being generic for a reason.
Plus I learned a lot -- it came out of some academic research that pursued a unique angle: finding and talking to the Tor exit node operators about their experiences, rather than just say the developers, the executives, or the funders.
With the porn block in the UK though, the "New Private Window with Tor" in Brave is very convenient.
Maybe not for long, or maybe not. I guess websites don't need to comply beyond a certain point.
There are tons of "residential proxy" and whatnot type services available, IP being a source of truth doesn't seem to matter much in 2025. The Perplexity 'bot' recent topic being an example of that.
Basically if you want to access any resource on the web for a dollar a GB or so you can use millions of IPs.
To understand how, you should review the Princeton Report's Raptor attack, and understand how it works (2015).
Don't install addons in this browser. Don't resize the browser window. All tor browsers instances have the same default window size, which prevents websites from tracking you. Obviously don't login into websites with your regular email or provide websites with your PII.
If you are in a country or on a network that blocks the basic Tor network, the FAQ explains how to get around this by using Tor bridges or other techniques [2].
That's pretty much all you need to know.
[1] https://www.torproject.org/download/
[2] https://support.torproject.org/censorship/
A good overview is available at https://www.whonix.org/wiki/Tor_Browser#Unsafe_Tor_Browser_H...
Wouldn't that in and of itself be a possible clue that someone was using Tor?
This mitigation helps protect the individual Tor user (e.g. with a unique 1726x907 px window) being fingerprinted across multiple sessions / sites.
> To prevent fingerprinting based on screen dimensions, Tor Browser starts with a content window rounded to a multiple of 200px x 100px. The strategy here is to put all users in a couple of buckets to make it harder to single them out.
Moreover, even if you resize your window, the browser tries to protect you
> by adding margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.
[1] https://tb-manual.torproject.org/anti-fingerprinting/#letter...
I haven't kept up with the space much since then, so am unaware if there is more recent work.
In any case, there are valid threat models where you want to mitigate website fingerprinting but aren't necessarily concerned with AS-level adversaries.
In fairness, most of big tech are AS-level adversaries at this point.
Active attack through BGP-hijacking may be partially mitigated, but this isn't really needed for the most pernicious attacks which are interception/injection from a regional entity that's routing to the broader internet (outbound connections).
The same entities can do early transparent encryption termination for outbound connections (to the general web) since they have their own private signing keys tied to root trust CAs (just not the one the valid cert was issued to), and that lets them collect a treasure trove of forensic artifacts to improve their citizen dossier for advertisers/highest-bidder, or inject content that is ephemeral in nature.
You have to explicitly switch to "Safest" mode to turn it off completely.
>Why does Tor Browser ship with JavaScript enabled?
We configure NoScript to allow JavaScript by default in Tor Browser because many websites will not work with JavaScript disabled. Most users would give up on Tor entirely if we disabled JavaScript by default because it would cause so many problems for them. Ultimately, we want to make Tor Browser as secure as possible while also making it usable for the majority of people, so for now, that means leaving JavaScript enabled by default.
https://support.torproject.org/tbb/tbb-34/
Depends on the level of anonymity the end-user desires. That rabbit hole is deep, but not that deep: https://www.ivpn.net/privacy-guides/advanced-privacy-and-ano... / https://archive.today/9DhtT (by u/mirmir)
https://tails.net/
https://tails.net/
I have not yet had time to find a suitable replacement machine. But running a bridge is a cheap, safe low network volume method people can help out from home. I had it going to help people in 'bad' countries to get out to the rest of the world.
https://community.torproject.org/relay/setup/bridge/
A lifetime ago, I ran bridges from RAM only distros. But early versions of the Dan list (1st in wide use) killed that.
DL didn't try hard to differentiate between bridge IPs and exit IPs. Server hosts just grabbed the first list they saw and blocked with it.
It was years before the notion of Exit != Bridge became understood but everyone had moved on. We're at the entropic 'No One Cares Anymore' phase now.
If you want to avoid global passive adversaries, a mixnet like Nym can work. I'm also working on a related project which takes a different approach of building your own circuit of proxy servers manually with lots of traffic padding: https://github.com/markasoftware/i405-tunnel
That being said, yes, feds can de-anonymize traffic, probably reliably at this point. There are only about 7-8000 active nodes, most in data centers. The less nodes you hop through, the more likely that traffic can be traced back to the entry point (guard node), and combined with timing can be reasonably traced back to the user. Tor works best with many, many nodes, and a minimum of three. There's not as many nodes as there needs to be so quite often it's only 3 you are going through (guard node/entry point, middle node, exit node)
Plus browsing habits can also be revealing. Just because someone is using Tor doesn't mean they also have disabled javascript, blocked cookies, aren't logging into accounts, etc.
I can't find a link, but I think people have done simulations and the privacy benefits of more hops are not as great as one might think. If you control the guard and exit, then traffic confirmation is relatively easy by just looking at timing and volume of traffic no matter how many hops are in between.
There have been some cases where some consider the "other lapses in OpSec" to be parallel construction to disguise a Tor vulnerability/breach, and others where the government has declined to prosecute because they'd have to reveal how they know.
If Tor were compromised, we'd likely not know. It's highly likely that it's fine for "normal people" things.
... now my back hurts and I want the damn kids off my lawn.
The tor project has network stats on their website: https://metrics.torproject.org/networksize.html
Looks like about 8,000 relays, inclusive of entry and exit nodes. Looks like about 2,500 exit nodes, and ~5,000 guard nodes. With that few I'd say it's reasonable to assume that a large number of both entry and exit are controlled by government agencies, at least enough to reliable to conduct timing attacks against a specific target they are interested in.
It's a little ambiguous.
Section 230 (which continues to be under attack) provides some legal immunity, along with the DMCA is a safe harbor against copyright infringement claims for the Tor relay operator. Running a middle relay is generally fine and safe.
But, running an exit relay is risky. Even if you can't be held legally liable for the traffic coming from the exit, you could still get raided, and it has happened before where exit node operators have been raided after the traffic coming out of it was attributed to the node owner.
That being said, it's legal to run an exit node (for now). The problem is more so dealing with the inevitable law enforcement subpoenas or seizures, and having the money and resources to prove you are innocent.
Tor was always a government tool.
Ulbricht wasn't caught because of flaws in Tor, but he made other mistakes. He posted stuff on LinkedIn alluding to his activities, he used a real photo on his fake IDs to rent servers, he used his real name, posting a question on stack over flow about running a Tor service, he posted his personal gmail, looked for couriers on Google+, and lastly paid an undercover cop for a hit.
As for getting his location, once the feds gained acccess to silk road, they matched up activity logs, his posting habits were consistent with being in the pacific time zone, and they matched up his user name between his posts on silk road as altoid and he reused the same screenname, associated with his gmail address and full name, on other websites.
A series of stupid opsec mistakes got him caught, not Tor.
Unless, of course, they want everybody, which even they don't have the resources to handle.
When did he sell drugs?
In a world where Tor is not a honeypot of some three letter agency, there are implementations of projects like Jim Bell's Assassination Politics. In a world where Tor is not a honeypot its use would be banned, much like the use of Tornado Cash was banned and shut down until the secret services took control of it.
And we obviously don't live in such world.
There are many places in the world where direct access to Tor is blocked. There are many countries where use of a VPN is illegal, VPNs are required to log by law, etc. I disagree with this premise.
"VPN services may soon become a new target of EU lawmakers after being deemed a "key challenge"" https://www.techradar.com/vpn/vpn-privacy-security/vpn-servi...
There are generally two types of countries, those that seek agency, independence, and freedom of rational thought and action; which requires privacy, and there are those that seek ultimate control, imposing dependence, coercion and corruption of reason; from the top down.
The cultures that seek total control generally fall under totalism and are parasitic in nature. The ones that seek agency, freedom, and independence, Protean.
Many comments talk about exit nodes for surveillance, but there is a totally different vector of use and considerations that dint apply when you aren't trying to access clearnet
And even on darknet it depends on what you’re doing
Reading the NY Times’ darknet site or forum or even nuet browsing darknet markerplace from Tor Browser, whereas I would use a Tor OS like Tails or dual gated VM like Whonix for doing something illicit
Just use a VPN for fuck's sake.
Arpanet: How a military project gutted personal privacy, destabilized self esteem and strangled attention spans