
So a better option would be to use your Comcast / AT&T / Verizon connection to leak data to the press?

Everything on the internet (and really in life) is a chain of trust - there are going to be weak links however far down the rabbit hole you go.




> So a better option would be to use your Comcast / AT&T / Verizon connection to leak data to the press?

A better option is to use technology that might be better able to provide some verifiable anonymity guarantees, like Tor.


True. But Tor has pwned people too. Most recently, there was the bug that CMU researchers exploited, and then shared with the FBI. Also, many users of Tor browser have been pwned by phone-home malware, which leaked their ISP-assigned IP addresses. Hitting Tor through nested VPN chains would have protected them.


If you use Tor, you can't really trust the machine it is on; there are all sorts of potential web browser vulnerabilities. (And please don't do GPGing on the same box.) At a minimum, run it in a VM so its upstream IP is an internal NAT address and so it won't have unique phys IDs like a MAC address, which can be traced through the supply chain.

Preferably use a VPN for the host machine's connection too, at least to first download the tor client (the subset of IPs which have downloaded a recent tor bundle is quite small). At the very least, firewall the VM so traffic can only go to a tor bridge IP; even then, https (non tor) from a compromised host can identify the tor user, as all tor entry point traffic is logged and possibly has active mitm boxes (varying packet timing, fingerprinting tor versions).

Given the overall complexity of getting it right, and the enduring consequences of a single opsec failure, I'm not sure tor is a great option. Sending USB sticks through the mail would probably be safer. (Even then, encrypt them, use a dedicated laptop, don't lick the stamp or leave fingerprints, don't be observed/CCTVed posting them, purchasing the USB sticks, etc.)
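As an added example (not from any commenter in this thread), a small POSIX shell script that generates the kind of outbound whitelist the comment above describes: the Tor VM may open new connections only to one bridge IP and port, and anything else, DNS included, is logged and dropped. The bridge address 192.0.2.10:443 is a placeholder, not a real bridge.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that confines a Tor VM (or host)
# to a single assumed bridge IP:port. A compromised browser or stray non-Tor HTTPS
# request then has no direct path to the internet, and the attempt is logged.

gen_tor_only_rules() {
    bridge_ip="$1"      # placeholder bridge address supplied by the caller
    bridge_port="$2"    # port from the bridge line
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback carries the local SOCKS/control ports.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections this box opened.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# The only new outbound connection permitted: TCP to the bridge.
-A OUTPUT -p tcp -d ${bridge_ip} --dport ${bridge_port} -m conntrack --ctstate NEW -j ACCEPT
# Everything else (UDP/DNS would otherwise leak lookups) is rate-limited to the log, then dropped.
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "tor-vm-leak: "
-A OUTPUT -j DROP
COMMIT
EOF
}

# Sanity check on stdin: a correct whitelist has exactly one rule allowing NEW
# outbound connections (the bridge). Prints the count.
count_new_outbound() {
    grep -c -- '-A OUTPUT .*--ctstate NEW'
}

# Load only when explicitly asked and running as root; otherwise just print.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    gen_tor_only_rules "${2:?bridge ip}" "${3:?bridge port}" | iptables-restore
    ip6tables -P OUTPUT DROP    # close the IPv6 path around the whitelist
else
    gen_tor_only_rules "${2:-192.0.2.10}" "${3:-443}"
fi
```

After loading, any line tagged `tor-vm-leak:` in the kernel log is a non-Tor connection attempt worth investigating.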


Good points. I should have emphasized use of Whonix, which comprises Tor gateway and workspace VMs. Forwarding isn't enabled on the gateway or workspace, the gateway is firewalled, and it doesn't just use TransPort. It exposes a bunch of SocksPorts to the workspace VM, so each app gets its own SocksPort.

> all tor entry point traffic is logged and possibly has active mitm boxes

That's a broad claim. You need cites for that. Tor relays are run by a large collective of volunteers, and keeping something like that secret would be quite some achievement.


Okay, not all gateways. But top by volume, yes. Not by the people running them, but at the network/ISP layer. There was some open source reporting about it in Singapore (not a democracy admittedly) I'll try to dig up. But on the 5th anniversary of the Snowden leaks, why do you find it strange?


OK, maybe at network/ISP level. There's no way for relay operators to know, of course. But if an operator learned of logging, I'd expect to see that reported on tor-relays@lists.torproject.org, and I don't recall that.

This is yet another reason to hit Tor through a VPN service. Or better, a nested chain of VPN services.

Edit: I do recall a post by Virgil Griffith about the situation in Singapore.[0] He says nothing explicitly about logging, but does note that Singapore's "love of anti-corruption exceeds its apprehension about human-rights-laden privacy enhancing technologies." And I don't find anything about logging of Tor relays there. But then, I'm searching in English :(

0) https://medium.com/@virgilgr/tors-branding-pivot-is-going-to...


^^^ I've been repping physical data transfer to people for a while. Veracrypt is a great option.


> True. But Tor has pwned people too. Most recently, there was the bug that CMU researchers exploited, and then shared with the FBI. Also, many users of Tor browser have been pwned by phone-home malware, which leaked their ISP-assigned IP addresses. Hitting Tor through nested VPN chains would have protected them.

It's better, as in closer to trust-no-one, but of course it's not perfect. Especially when we're talking about endpoint security concerns.


Yes, totally agree. I love Tor :)


I understand that sentiment but a technological work around (that probably also has captured data points) that would entirely alleviate whatever hypothetical issue the OP is referring to seems at best naive to this layman.


> alleviate whatever hypothetical issue the OP is referring to

That "hypothetical" the OP referred to is the VPN provider keeping logs (or more logs than they advertise) and providing them when asked to the authorities.

It's not really that hypothetical. There was a link here today about a "no log" VPN service that apparently did that.

> I understand that sentiment but a technological work around (that probably also has captured data points)

Tor is a technology that specifically answers the issue the OP brought up, which is over-trust in a single entity to preserve anonymity. Nothing's perfect, but Tor is better than both the "VPN provider" option the OP was warning people away from and from your snarky "what and use Comcast?" option.

> but a technological work around ... seems at best naive to this layman.

You'll have to elaborate why the use of better (if imperfect) technology is "at best naive."


Ehem, asking for a friend - is using Tor in conjunction with a third-party VPN service like the ones mentioned above any safer than using Tor regularly?


OK, so imagine that your friend was using Tor in 2014, while CMU attackers (OK, "researchers") were deanonymizing users and onion sites. They exploited a bug ("relay-early") in Tor, which allowed them to communicate among malicious relays through a back channel. That led to a number of prosecutions.

But imagine instead that your friend was connecting to Tor through a VPN service. Even if CMU attackers had been running your friend's entry guard, they would have just seen the VPN exit IP address.

Better yet, your friend could have been connecting to Tor through a nested chain of VPN services. Then the FBI would have needed to do lots more work to get your friend's ISP-assigned IP address.

The Tor Project, I note, will not agree with my assessment. But so it goes.



