Should I use Tor?

[Azgoth 2]

11 hours ago, Godlygamer23 said:

I think you mean to say there's no reason NOT to give it a shot.

Derp, yes, I just forgot a word.

 

11 hours ago, LtStaffel said:

Everyone should be running Ghostery, if not these.

I'd actually argue that Ghostery isn't as good as choice as Privacy Badger + NoScript/uBlock Origin.  For one, Ghostery is closed-source (which may not be a big deal for everyone, but definitely makes me raise an eyebrow), while Privacy Badger/etc are all open-source and released under various versions of the GNU GPL license.  Ghostery also collects data about what domains are blocked by users and makes that data available to various groups--some are benign-seeming, like researchers and the Better Business Bureau, but by some some accounts this also includes advertising partners and other business entities (citation admittedly needed on this part, since I can't recall where I heard it).  I don't know if the data they collect is purely aggregate or is anonymous or whatever, but it raises a few red flags for me either way, and to me at least seems to defeat the point of using a privacy/anonymization browser extension.  This may not be a problem for everyone, I grant, but I think people should be aware of it so they can judge that for themselves; personally, it's a deal-breaker for me.

[LtStaffel]

On 4/30/2017 at 10:40 PM, dizmo said:

So your ISP knows what your credit card company knows? I don't see how that's an issue.

I desperately hope that's sarcasm.

[LtStaffel]

12 hours ago, Azgoth 2 said:

Derp, yes, I just forgot a word.

 

I'd actually argue that Ghostery isn't as good as choice as Privacy Badger + NoScript/uBlock Origin.  For one, Ghostery is closed-source (which may not be a big deal for everyone, but definitely makes me raise an eyebrow), while Privacy Badger/etc are all open-source and released under various versions of the GNU GPL license.  Ghostery also collects data about what domains are blocked by users and makes that data available to various groups--some are benign-seeming, like researchers and the Better Business Bureau, but by some some accounts this also includes advertising partners and other business entities (citation admittedly needed on this part, since I can't recall where I heard it).  I don't know if the data they collect is purely aggregate or is anonymous or whatever, but it raises a few red flags for me either way, and to me at least seems to defeat the point of using a privacy/anonymization browser extension.  This may not be a problem for everyone, I grant, but I think people should be aware of it so they can judge that for themselves; personally, it's a deal-breaker for me.

I agree that NoScript is better, but I'd rather have someone run Ghostery which is less intrusive and doesn't break things, than not run anything at all.

[Azgoth 2]

10 hours ago, LtStaffel said:

I agree that NoScript is better, but I'd rather have someone run Ghostery which is less intrusive and doesn't break things, than not run anything at all.

NoScript does block all flash/etc by default, but it lets let you whitelist domains with just one or two clicks to un-break sites (Privacy Badger, incidentally, does too, because it can sometimes break sites).  I personally don't find NoScript to be at all intrusive, but I admittedly have been using it for a very long time so I've just gotten used to it.

[TAHIRMIA]

If I remember right Tor was compromised by the NSA or FBI

[LtStaffel]

12 hours ago, Azgoth 2 said:

NoScript does block all flash/etc by default, but it lets let you whitelist domains with just one or two clicks to un-break sites (Privacy Badger, incidentally, does too, because it can sometimes break sites).  I personally don't find NoScript to be at all intrusive, but I admittedly have been using it for a very long time so I've just gotten used to it.

There's not a point in running it if you're going to whitelist sites.

[Azgoth 2]

14 hours ago, LtStaffel said:

There's not a point in running it if you're going to whitelist sites.

There is if you only allow certain domains, and leave others blocked, though.  It lets you block on a domain basis, so I you can have some things on a page blocked while other things are allowed.  Example: I have linustechtips.com added to my whitelist, but not google-analytics.com or googletagservices.com, all of which try to run scripts here on the LTT forums.  It obviously won't do any good if you permanently whitelist everything on every site you visit, but the same goes for literally any blocking/security service.  And I always have cross-site scripting and possible clickjacking blocked regardless of domain.

 

21 hours ago, TAHIRMIA said:

If I remember right Tor was compromised by the NSA or FBI

Unless I'm thinking of something else, entrance and exit nodes can be set up by malicious agents (e.g. NSA/FBI/etc), who can then monitor traffic through them.  But that's why you still use HTTPS when connecting through Tor--to make sure your data is encrypted en route to and out of the network, making it harder for a compromised entry/exit node to become a problem for you.  Unless there was some development I missed, I don't believe the core security of Tor is known to be compromised.  (though if it is I would love to see more details, since that seems like a pretty major thing)

[LtStaffel]

22 hours ago, Azgoth 2 said:

There is if you only allow certain domains, and leave others blocked, though.  It lets you block on a domain basis, so I you can have some things on a page blocked while other things are allowed.  Example: I have linustechtips.com added to my whitelist, but not google-analytics.com or googletagservices.com, all of which try to run scripts here on the LTT forums.  It obviously won't do any good if you permanently whitelist everything on every site you visit, but the same goes for literally any blocking/security service.  And I always have cross-site scripting and possible clickjacking blocked regardless of domain.

The whole idea of NoScript is that there could be a malicious script on a site for one reason or another, whether the site was compromised or whether it was intentional, and it is trying to block it. Allowing anything is letting a hole through. But of course exceptions have to be made otherwise the internet is not usable. The premise of the internet is that "These two computers trust each other and want to talk to each other" which is a hard paradigm to build anonymity and security into.