UPDATE: Bitcoiners Who Use Tor - Be Warned!

https://news.bitcoin.com/update-bitcoiners-use-tor-warned/


Comments


[19 Points] None:

ELI5? and how to adapt from here.


[17 Points] sapiophile:

This is yet another pretty silly misinterpretation of this admittedly very troubling bit of legislation. Let's clear some things up:

  1. No, Tor is not "hacked" or useless anymore, and it is still almost certainly the best tool available to anonymize global internet traffic, period.

  2. What this rule change would allow would be, say, for the FBI or DITU to shop around among federal judges to get one of them to sign a blanket warrant that would essentially allow them to attempt to hack basically everyone, everywhere, or at least anyone who might be the person they're trying to locate. And it's pretty likely that they would be successful in finding a judge to do that, unfortunately.

  3. Such hacks would most likely be in a form similar to those that we have already seen, such as the Freedom Hosting bust and the PlayPen bust, the former of which relied on an in-browser exploit that only affected users with Scripts enabled and who were using an out-of-date Tor Browser, and the latter of which was most likely a similar technique that relied on dynamic content in the browser. These threats can be mitigated, and through the use of strongly compartmented and well-secured systems (like Whonix, Qubes-Whonix, and Tails to a large extent), their potential efficacy can be greatly reduced.

  4. This rule change does not mean that you can get hacked or get in trouble just for using Tor (probably). Rather, it works in the other direction - once the FBI locates, say, a pedophile forum, they attempt to exploit visitors to that particular site (again, like the two busts mentioned above), not everyone in the world who uses Tor. Such a project as that last would not only be beyond the scope of their ability and budget, but it is actually unlikely that even with judge-shopping they could find a judge to sign off on it (but you never know). On the note of people who are concerned about their ISP seeing their Tor usage, there is really essentially no reason to be concerned - millions of people use Tor for all different kinds of reasons, and doing so is not illegal in virtually all developed nations. It's also worth noting that folks who attempt to use a VPN to conceal their Tor usage are not likely to be very well protected, as Tor traffic that is not using modern Pluggable Transports is still fairly distinctive, even if encrypted during transit.

  5. VPNs, Tor-over-Tor (AKA "double Tor"), and so on, provide literally zero protection against the kinds of attacks that this rule change would facilitate (and VPNs are not really useful to this community in general, in my opinion - see https://www.reddit.com/r/DarkNetMarketsNoobs/comments/4z9fsa/do_i_need_a_vpn_for_clearnet_bitcoin_purchases/d6u41ht?context=1 https://www.reddit.com/r/sapiophile/comments/502n24/on_vpns_and_why_theyre_not_all_theyre_cracked_up/). This rule change is most particularly intended for endpoint exploitation (hacking), and if your workstation is hacked, then it doesn't matter how many layers of traffic obfuscation you use, since a local process can (usually) just bypass all of it with ease. However, this leads to the next point,

  6. Reasonable measures to protect against endpoint exploitation exist, both to help prevent it from happening and to mitigate the potential damage that it may cause ("defense in depth"). Use a hardened, purpose-built operating system like Tails, Whonix or Qubes-Whonix and keep its configuration properly aligned to prevent clearnet access by unprivileged processes. If that is beyond your scope, do whatever you can to use the most secure operating system available (no Windows, no OSX, no Linux Mint, etc.). Always ensure that your critical software is kept up-to-date to protect against the latest vulnerabilities. Always keep the Security Slider in Tor Browser in the "High" position, and use the NoScript button to temporarily allow those scripts that you may need to run (but only those that are necessary, and definitely don't allow any that are from non-HTTPS locations). Use of an Isolating Tor Proxy of some kind can be completely effective at mitigating the de-anonymization of a potential successful endpoint exploitation, but they must be used carefully - see https://github.com/epidemics-scepticism/tor-misconception specifically the section headed "'Transparent Proxy' and 'Tor Router'".

  7. Always consider what your actual security and anonymity needs are, and make a rational determination of what makes sense to pursue according to your own Threat Model. Many of the potential steps to take that I have laid out above are likely not necessary for most of this community, and may cause undue "security fatigue" that may result in you becoming lazy or unwilling to maintain the rigor associated, therefore encouraging poor practices and habits that can result in worse security. Consider your own Threat Model well and make the decisions that are most appropriate for your situation and abilities, always.
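
An added example, not part of the comment above or of any project it names: a small audit of `iptables-save` output that checks the property point 6 describes, namely that unprivileged processes cannot reach the clearnet and only the Tor daemon's account may send traffic. The UID `107`, the function names and both sample rulesets are assumptions constructed for illustration.

```python
import shlex

TOR_UID = "107"  # assumption: numeric UID of the account the tor daemon runs as

# Constructed iptables-save samples, not taken from any real system.
ISOLATED = """*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 107 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
LEAKY = """*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner ! --uid-owner 107 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

def _value(args, flag):
    """Return the value of a non-negated flag, or None if absent or negated."""
    if flag in args:
        i = args.index(flag)
        if args[i - 1] != "!" and i + 1 < len(args):
            return args[i + 1]
    return None

def audit_output_chain(ruleset, tor_uid=TOR_UID):
    """Return findings; an empty list means only loopback and Tor may send."""
    findings, in_filter = [], False
    for line in (l.strip() for l in ruleset.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":OUTPUT"):
            policy = line.split()[1]
            if policy != "DROP":
                findings.append(f"default OUTPUT policy is {policy}, not DROP")
        elif in_filter and line.startswith("-A OUTPUT "):
            args = shlex.split(line)
            target = _value(args, "-j")
            if target in ("DROP", "REJECT", "LOG"):
                continue  # these targets never let a packet out
            if target != "ACCEPT":
                findings.append(f"unaudited jump to {target}: {line}")
            elif _value(args, "-o") != "lo" and _value(args, "--uid-owner") != tor_uid:
                findings.append(f"non-Tor egress allowed: {line}")
    return findings

if __name__ == "__main__":
    for name, rules in (("ISOLATED", ISOLATED), ("LEAKY", LEAKY)):
        print(name, audit_output_chain(rules) or "ok")
```

IPv6 rules live in a separate ruleset, so the output of `ip6tables-save` needs the same check.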


[9 Points] DextroShade:

Aren't they trying to do all this shit already? How is this any different from what they are doing now? If your OPSEC is tight, how would this give them a backdoor?


[7 Points] jeffislearning:

But I, being poor, have only my dreams;

I have spread my dreams under your feet;

Tread softly, because you tread on my dreams.

Yeats


[2 Points] None:

Get PIA. Problem solved.


[2 Points] None:

[deleted]


[2 Points] Vendor_BBMC:

This has got nothing to do with bitcoin, and the article is entirely speculation about the possible intention of a bill which hasn't been voted on yet, IN AMERICA.

Have you noticed (if you use reddit over tor) that these articles always try to extract HTML canvas information, or make you prove you're not a robot by spotting which photos have signposts in them?

It's almost as if the intention of the posts is to de-anonymize the Tor sessions of reddit users, by detecting an attempt to view it in a Tor browser, then in a clearnet browser 8 seconds later at the same screen size.

But I'm assuming that OP is Roger Ver (sold RAM, hates small blocks and taxation), and he HATES authority, so probably not.


[2 Points] JumpmanUp2Something:

XMR is future


[1 Points] ALIENSBLEEDLSD:

Fuck that!


[1 Points] benzobrainz:

Fuck.. That's full on.


[1 Points] AHStephen:

Don't worry Ted Cruz got our back


[1 Points] letmetakeaguess:

So this only applies to connections to the US, right? Is there a setting to avoid relays in the US? (I am not in the US)


[0 Points] retroracer:

this is old as dirt at this point