Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So is it now "guaranteed", that TOR is secure? And how many "guarantees" does one need in order to be "guaranteed" security whilst browsing?

[...]and they provide additional guarantees that readers are connected securely to our website.[...]



Are you just nitpicking the difference between the phrase "provide additional guarantees" and the verb "guarantee"? Why?

> So is it now "guaranteed", that TOR is secure?

Your quote does not imply that


Disable Javascript. Enabling it makes you traceable. Run a Temporary profile in Firefox - otherwise cached images will make you traceable. Connect from your neighbors wifi (the further from your home the better, really) with a spoofed MAC address running from a write-locked USB live distro - this ensures you're protected from the unknown unknowns.


Or just use the Tor Browser - ideally with the High security setting. Other browsers don't have the same anti fingerprinting and first party isolation defenses.


Then again, with JS disabled your browser fingerprint gets a lot more specific unless your UA is a scrawler bot.


> Run a Temporary profile in Firefox

What're the equivalent or similar features in other browsers (e.g. Chrome)? Incognito mode?


Tor crypto guarantees an E2E connection to an entity possessing a key which matches the onion address which you sought to access. That's a benefit over DNS/TCP/BGP :-)


Using Tor is more secure than not using Tor, no matter how much FUD people try to spread about it.


Its not secure. "Everyone" knows that. Everytime a drug market is taken down or a pedophile ring is busted, the investigators from FBI always claim it was some dubious mistake from the admin whic lead to it. But we all know they have discovered a vulnurability in the TOR protocol but won't disclose it.

Safe browsing guys

//edit: if you want extra security. Launch TOR from a remote desktop. And I am not talking about the ones you buy from known VPN providers like NordicVPN or amazon web services.


I guess I'm not everyone. I'd bet that the majority of the 'busts' are due to:

a) Infiltrating chats where people are more likely to share sensitive information / trust the people they're talking to

b) Poor configurations/ setups on either the client or server (client browser bundle has noscript, but it's not on the strictest settings, js is enabled iirc)

c) Exploitation of client or server due to out of date versions, things like that

Historically I think it's always fallen into one of these cases - and not just what the FBI etc say publicly but we've seen these exploits ITW. I wouldn't be surprised if the NSA and other agencies have the power to deanonymize TOR users but if it were trivial why is the majority of TOR traffic still going towards illegal content? Last I read (a paper a year ago) TOR is still primarily all about drugs, followed by child pornography (mostly drugs though iirc). If they can track all of these people by breaking TOR completely... why don't they?


^ This.

Remember, Silk Road was finally found and taken down because Ross Ulbrich messed up his OpSec on a Stack Overflow question.


Thats really interesting, does anyone have a link to an explanation about this?


Wow. That was 4 years ago?

Here’s a Reddit discussion: https://www.reddit.com/r/webdev/comments/1nln17/the_stackove...

Basically, he posted to stack Overflow using his own name and email address with code that was Silk Road was using. He quickly changed his username, but it was too late.


> But we all know they have discovered a vulnurability in the TOR protocol but won't disclose it.

Can you provide evidence for this claim? I'm a huge conspiracy nut, this has me excited.


You don't need anything that isn't already publicly available: see every security bug reported on the mailing list, and reliable hop tracing via coordinated parties recording traffic (Tor's version of Bitcoin's 51% problem).

That said, it's still the most reliable limited-anonymity provider I know of.


> //edit: if you want extra security. Launch TOR from a remote desktop. And I am not talking about the ones you buy from known VPN providers like NordicVPN or amazon web services.

No, if you want extra security use Qubes OS with Whonix (it comes with it by default) for isolating the Tor process in a single VM and the browser in another - thereby prohibiting any leaks, unless an adversary has a VM escape RCE.


what about Tails?



>But we all know they have discovered a vulnurability in the TOR protocol but won't disclose it.

Really? Perhaps you could explain how every single one of us found out it is true? Maybe every single one of us has a friend working in the NSA who was willing to tell us, even though he could go to jail for giving away such a secret?

Or maybe you are just making things up.


lmao, this is complete BS. sure it's not perfect and some nodes get compromised. no nation or three letter agency has cracked tor. prove me wrong




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: