Viewing a single comment thread. View all comments

BlackFlagged wrote (edited )

For reference:

5 eyes: United Kingdom, United States, Australia, Canada, New Zealand

9 eyes: Denmark, France, the Netherlands, Norway

14 eyes: Germany, Belgium, Italy, Spain, Sweden


Raisins wrote (edited )

Let's hope it stays put at 14.


aiwendil OP wrote

It's hard to really know until we get the next Snowden level leak, which is like a twice a century thing at this point. Most government employees are totally cool with what they are being asked to do in the name of "National Security," So since the modern intelligence community was formed during WWII, there have only been two leaks on that level, including the Snowden leak, but then there was the Pentagon Papers released by Daniel Ellsberg. It would be nice if we could get this kind of information out of the government every couple of years, but since we can't, let's just assume that they are constantly expanding the scope of data collection to the best of their modern abilities. A 5-6 years ago, those abilities were startling and now they should be assumed to be even more startling.


aiwendil OP wrote

Alright, I am pretty sure I got all of those in the country codes. At the moment I have to remove StrictNodes part of the settings because it was seemingly causing issues getting to hidden services. Not sure why that would be. My confidence is really going down with tor lately, given everything going on with it.


ziq wrote

What's going on with tor?


aiwendil OP wrote (edited )

Well, there is the whole Jacob Applebaum sex scandal thing. Also all the darknet market busts that happened. Seemed like people were careless about letting personal information slip, but really when running a project like that you don't have to be that careless. With all the attention you will get running a darknet site, where ever it happens to be that you slipped up is going to come out eventually. However, Sessions made some cryptic claims about people not being as anonymous as they think they are with tor and shortly there after Lucky green quit saying something along the lines of having to step down for ethical reasons. It seems like a lot of attacks on the credibility of tor all at once. I think it is time for some serious community auditing, because between Lucky's cryptic statements and Sessions' cryptic statements, I am starting to think the is some FISA gag order shit happening. Obviously that is just my impression, I have absolutely no proof, but it just seems like a lot of bad press lately.

In addition to what I covered in this post, I've also been running a script I wrote similar to needl from a few vm's to try to create a lot of dummy traffic through various entry and exit nodes as well as from the computer I typically browse through, so usage meta data theoretically becomes more difficult to collect, but I don't recommend others do this yet as running this code could be potentially identifying in and of itself.

I would like to see tor adopt something like i2p's system for combining multiple packets into one, so it becomes impossible to tell which, if any packet originated from your computer. Also having all computers on the network routing packets seems like another good idea... Also having separate tunnels for inbound and outbound taffic seems like a good idea. Ultimately I think I2P would be the future if there were more outproxy/exit nodes.

All that said, if tor has been infiltrated or compromised from the inside, none of this matters. So I2P's system of keeping the developers pseudonymous is probably a something tor should adopt as well. We don't need to know who the developers are in order to accurately audit the code...

I know that is a lot, but the darknet world is a kind of scary place right now. I could only find one country with favorable laws regarding data retention and they block hidden services somehow, so there are a lot of problems to address.