For example, I downloaded Tor network and using it for illegal activities. Can my govt track me? Can US govt track me? I know it encrypts something but if I remember correct, FBI was able to find some Tor users before.
Note: illegal activities was for example. I’m not going to do anything illegal. I’m just planning to serve my instance with a onion address.
Don’t do illegal activities.
What signal fiasco?
You should read the Tor foundation documentation before trusting your freedom to it.
You can be tracked on Tor, but the question is by who, and when. If you login to gmail over tor then google knows your using tor. If you access tor from your home computer then your isp knows your using tor.
If your threat model includes Advanced Persistent Threats at the nation state level, then they can do Cybill attacks and control enough nodes that they could track you.
“illegal activities” doesn’t always mean buying crack cocaine, or whatever. depending on where you live it can mean:
accessing wikipedia, forming communities, performing union activities…
in other words, the ruling class of your country decides something being threatening their power, and that becomes an illegal activity.
of course everyone can be tracked. also everyone is not julian assange, so i’m not so worried about using tor for “illegal activities”.
Sybill*, but yeah those are some nasty attacks. Perhaps introducing relay proof of work could counter them?
the evil monitoring relays are actually relaying, so they are doing the work, they are just also taking notes.
I know, I meant using PoW in a sign-up scheme, or something. Currently, The Tor Project takes down malicious relays based on what the community reports, which is eh; but it works.
What I meant with Signal fiasco is, they didn’t published server code for a year and the fact that they’re a US establishment. It’s not looking that bad but I’m not going to trust them anymore.
ToR was started by the US Navy and still gets funding from the navy every year. ToR is a tool used by the US for spooks and spook assets globally. The only reason it was made public was to generate enough noise to hide the spook talk.
So applying your logic means you shouldn’t use ToR either.
Hmm, maybe you’re right. But still its not like they didn’t released the source code for a year.
https://github.com/signalapp/Signal-Server
Its there now, but you never know what they are really running on their servers. In end to end networks, you should never trust the network, only the clients.
I think you need to take time and model out your threats, the EFF has tools to help you do this, then choose the tools that match best.
You’re right. Thats why I like Matrix more than Signal now.
Also I’m not looking for a security method to escape from a specific target. It’s all curiosity about general security.
matrix leaks metadata to the servers much worse then signal, just FYI. Hating how a team runs is different then then risk profile of the product.
Don’t like emotions cloud your decision making
I’m not hating. I just like keeping my half encrypted data on my own server instead of fully encrypted on someone else’s server.
well, your own server and every other server you’ve ever connected to.