• PhilipTheBucketOPA
    link
    fedilink
    arrow-up
    3
    arrow-down
    2
    ·
    19 hours ago

    You shouldn’t use it for torrenting

    True.

    it’s frequently targeted by intelligence agencies for IP unmasking

    I would take issue with “frequently,” in the grand scheme of things, but yes. It is a sufficient level of protection that state intelligence agencies have to have specific methods, which sometimes work and sometimes don’t, to try to specifically attack one specific actor on Tor if they care enough to do it. In contrast to a VPN, which any bumbling fuckhead in more or less any jurisdiction can generally defeat with a single subpeona, and even a fairly stupid intelligence agency can defeat without blinking.

    Tor sucks

    Your axioms don’t add up to your theorem. There are cases where a VPN is better, torrenting being one of them, that part is true.

    • kitnaht@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      2
      ·
      edit-2
      19 hours ago

      https://www.malwarebytes.com/blog/news/2024/10/tor-browser-and-firefox-users-should-update-to-fix-actively-exploited-vulnerability

      This was just in October. This is only the latest in a long history of Tor being a target for attacks. Sorry you’re ignorant of that fact, but Tor is quite possibly the worst choice for any task. A VPN will always be faster, more reliable, and more secure.

      Here’s another in January: https://www.securityweek.com/tor-code-audit-finds-17-vulnerabilities/

      And, it’s basically the only service where it relies on freely added Tor exit nodes, where anyone can set up a node and start siphoning off data – as data between the exit node and your end path is NOT protected.

      Granted, this is the same for VPNs, but anyone can set up their own Tor Exit node. VPNs have a business incentive to make sure not just anyone is in the chain for access to that data.

      I can fully saturate a symmetrical gigabit connection with my VPN. I can’t touch a fraction of that with Tor.

      Tor is for oppressive countries where anonymity and misdirection are more important than performance. It’s literally worse than a VPN in every single way unless you’re concerned with a major country coming for your head. And even then - Tor isn’t going to save you.

      • PhilipTheBucketOPA
        link
        fedilink
        arrow-up
        2
        arrow-down
        2
        ·
        18 hours ago

        I typed up a long sarcastic response as to why this isn’t true, but I think I’m going to let you keep believing these things. If you think VPN-using browsers do not have vulnerabilities that need updates to fix actively exploited vulnerabilities, or that data is protected between the exit node of a VPN and the end path, then I’m going to let you keep thinking those things. I’ll never stand between a person and their dreams.

        • kitnaht@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          18 hours ago

          Read your own damn article:

          Because it’s designed with privacy and anti-surveillance in mind, it generally runs slower than the regular internet and is not designed for content streaming.

          For Fucks sake…

          If you think VPN-using browsers do not have vulnerabilities

          VPN is not “a browser”, it’s a network stack. It is separate from whatever you use for a browser. If you use Tor, you still use a browser. So your argument is absolutely coming from an asinine point of view where you clearly don’t understand the technologies behind each.

          • PhilipTheBucketOPA
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            18 hours ago

            Actually, I should have said specifically: It is true that Tor is slower and unsuitable for some applications, streaming and torrenting being two of them. It was more your statement that it is somehow less secure that I was disagreeing with.

          • PhilipTheBucketOPA
            link
            fedilink
            arrow-up
            2
            arrow-down
            2
            ·
            18 hours ago

            VPN-using browsers

            VPN is not “a browser”

            Diesel-burning cars

            Diesel is not “a car”

            See how language works? You need to relax man.

            • kitnaht@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              18 hours ago

              I’m pointing out a false equivalency argument here, not arguing about your semantics. If you wanna start arguing the definitions of words, you’ve already lost.

              • PhilipTheBucketOPA
                link
                fedilink
                arrow-up
                1
                arrow-down
                1
                ·
                18 hours ago

                Tor is for oppressive countries where anonymity and misdirection are more important than performance. It’s literally worse than a VPN in every single way unless you’re concerned with a major country coming for your head.

                So it’s… … more secure? I generally agree with this statement. The performance is worse, which makes it unsuitable for some things.

                VPN is not “a browser”, it’s a network stack. It is separate from whatever you use for a browser. If you use Tor, you still use a browser.

                Yes, which makes it kind of silly that you originally highlighted a vulnerability in the browser as a problem with Tor. Tor is also a network stack, but it’s most often used through a bundled-in specific Tor browser, which sometimes has vulnerabilities. Most VPNs don’t bundle a browser, but the browser that’s using the VPN still sometimes has vulnerabilities. They stand in exactly the same relationship, in terms of vulnerabilities in the browser. Neither one is better than the other. That’s the point that I was making. I can absolutely assure you that I understand the technologies involved.

                • kitnaht@lemmy.world
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  edit-2
                  18 hours ago

                  It’s less secure. Tor encrypts your BROWSER data. VPN encrypts ALL of your data. Your browser isn’t the only thing that you have to worry about regarding privacy.

                  Do you see how that would make Tor less secure than VPN? Is that clear?

                  • PhilipTheBucketOPA
                    link
                    fedilink
                    arrow-up
                    1
                    arrow-down
                    1
                    ·
                    18 hours ago

                    I think you should share this way of looking at security with some security professionals, and see what they say about it.

                    I know some people who recently wrote an article, for example, which said among some other things:

                    The simple answer is that you can’t and shouldn’t trust either free or paid VPN providers. … For some, using a VPN can be as dangerous as not using one.

                    And your government can seek grounds to demand access to your browsing data anytime it wants — including retroactively — which can also include demands to access data from VPN providers, defeating the very point of the privacy you sought.

                    Security experts consider the Tor network the gold standard of private browsing because it allows you to access the internet without censorship or surveillance.

                    Instead of relying on a single tunnel to hide your internet traffic, Tor works by encrypting and routing users’ internet traffic through thousands of servers around the world, shielding their activity from other servers and the outside world. Because of Tor’s implementation, no single Tor server can see your browsing data. That means even if a Tor server is compromised, the attacker still cannot access the users’ browsing data within.

                    Because Tor is open source, anyone can inspect its source code to ensure that it’s safe to run.

                    And so on.

                    You’re not wrong that a VPN will shield your non-web traffic, and if you’re doing something sensitive outside of HTTPS and the associated DNS, then Tor won’t help. It also won’t prevent someone from stealing your car or breaking into your house. And, the same very serious vulnerabilities that apply to free or commercial VPN providers will apply to all of that non-web traffic.

                    The same article with the above useful tidbits of information also includes a guide to setting up your own VPN, which can be made actually extremely secure against some threats, if you do want to secure non-web traffic. Tor is still much better at protecting your web traffic, assuming that you’re doing something for which it is suitable.

                    Hope this helps. Let me know if you have any questions.