Oddbean new post about | logout
 https://torproject.org fixes this.

I always say, learn how to use it before you need it.

But the truth is, at least outside the USA, all Westerners need it already. 
 Tails OS is the easiest way to use Tor. Actually is hard not use it. 
 I also recommend TAILS, but its certainly not easy for Linux newbies.

Whonix is even better IMO, but possibly even less suitable for onboarding... 
 Check out Heads
heads.dyne.org/

Its tails without subvertD 
 Project hasn't had a heartbeat since 2019, though. Pity, its a good idea... 
 Outside the USA? What do you mean with this? What's different inside USA? 
 The First Amendment, but mostly culture.

EU/UK/AU/NZ may grumble, but we'll mostly grumble quietly. Like Chinese.

USians be more like Iranians, who know their govt lies and censors, know accessing enemy media draws prison sentences, and then do it anyway. Highest percentage of Tor users on Earth, Iranians. Stubborn and savvy.

US is in the top 10 per capita Tor users even though they have comparatively little official state censorship. (Yet...) 
 There are still people in USA that believe in first amendment, and this is really hopeful and nice and beautiful and respectful and... but to a certain degree, not sure how much, it's an illusion. It's the same illusion that Gonzalo Lira had and he couldn't realise that being a USA citizen he could be sentenced to death because of something he said in a country that the propaganda says that shares the same democratic values, while his liberation was a phone call away. 
Besides there is no need for much official censorship when deplatforming by private companies and cancel culture are enough. I think... 
 I think you're 100% correct, sadly.

I also think on freedom of speech the US of A is first among Western countries. Iceland and Switzerland have shown promise at different points, and then rejoined the downward spiral of their neighbours... 
 Could be the case. Only because there really are quite a few people still who believe in the first amendment, and that's the most important fact, more than they believe in their country etc. I really like those people in USA. They are a beacon of light in a shity desert. As for freedom of speech itself, it could be the case that in Greece you may have more freedom of speech as in USA, at least some limitations in free speech, came directly from USA here. Like hateful speech, but it depends on who and what the regime likes... 
 But except that, Tor relies on usa government funding and usa navy cryptography. Why should we trust that? 
 Don't take anything on trust!

The whole Tor codebase is publicly available, with all its documentation. You can download it yourself and look over it. Hundreds of thousands of programmers better than me have done so. Bugs have been found, and patched. 

Crooks and cyber-terrorists have spent years trying to find exploits they can use to crack Tor and steal secrets and cryptocurrency. They've all failed to date, but some have found ways to make it waste resources and crash. Those have been patched, too.

Nothing made by humans can ever be infallible or immune to misuse, but Tor has certainly been field-tested more than any similar tool.

According to Edward Snowden, the bad guys (NSA) have spent a lot of resources trying to break Tor, and failed. "Tor Stinks", the leaked presentation was headlined. 

They and their frenemies in the FBI have been able to catch Tor users, but only by tricking them into downloading viruses that target other software on the users computer - Firefox (since patched) and various media players.

Tor's not magic, but its pretty darn good at what it does. Thats just the start of your OPSEC journey, of course. 
 Yes i know and i already had that conversation here on nostr with a lady that's cybersexurity specialist, I don't remember her name, ava maybe? Anyway... Tor is the best there is, but not for everything. For example, if you are iranian opposition would you use tor? Yeah, why not if you don't care that the USA agencies can see you. But if you are a russian spy would you use something that relies on usa navy cryptography? Probably not... Even there is not a bug or something, hard to believe that the usa navy gave sha-256 to the public without having the ability to decode it if needed. Right? 
 During the 1980s, the NSA managed to have various hashing and encryption schemes made standard that contained numerical constants, basically partial keys already calculated by the NSA.

Other countries have cryptographers, and they wised up. By the time Phil Zimmerman wrote PGP, no one trusted algorithms with suspicious looking constants. The field of cryptography is now quite international, and there have been many highly-skilled attacks on all the currently popular algorithms. Because the banking sector and the US government use them too.

I'm quite sure both Iranian opposition and Russian spies use AES and public key encryption. In fact, they probably both use Tor for some time-sensitive communication. 

Russian embassies likely prefer OTP instead for the highest security communications, but they have secure out of band methods for distributing keys to their embassies. 
 That's an interesting opinion. Maybe you are right. I have doubts obviously. But thanks, i appreciate it. If you have more to say on this, i hear... 
 If you have doubts, let us know the specifics, and we will all learn! 
 Right. It's what i already told. 
I don't know much about cryptography, just a few things, but when i have a project being funded by the USA government while it's using a USA navy algorythm, doesn't mean it's ok and that there is not a backdoor or something because the code is open and can and was review by several people. Funding a project that uses your cryptography and that can be used against you, makes no sense to me, except if you have a backdoor. The recent incident with xz-utils also shows that it is possible. Yes it was revealed because it's open but it is possible. Besides that, i myself, all my life when i wanted to hide something, i did it in public view with 100% success so far. 
 You have a very wise attitude to these things, that you should keep. But an indication of scale might be useful.

The Thing is rightly legendary in real life spy shenanigans, and a dramatic example of hiding things in plain sight.

https://yandex.com/turbo/en.wikipedia.org/s/wiki/The_Thing_(listening_device)

During the course of the operation, it was only handled by a few people, none of whom had much technical knowledge, and then it sat on a shelf.

Tor is made of transparent digital code instead of opaque wood, it has been handled daily by experts around the globe, and there are literally tens of millions of copies.

Finding out there was a back door all along would be like finding out every Toyota Corolla has a "Decepticon" form and no mechanic ever noticed until one day they rose up and took over the world.

I, for one, will welcome our new robotic overlords, and I have always treated my Toyota with kindness and respect. I don't lose sleep over it, though. 
 I understand the point, but one question, for start, that has to be answered in a satisfying manner, is why USA is funding a project that can be used against them?  
 AES and RSA weren't actually DARPA or NSA products. They were designed by academics who entered them into both USA and international competitions for new algorithms.

The NSA would love the ability to read everyone's mail, but the global banking industry needs cryptography to work.  
 Guess who holds the bigger stick? 
 It's also used in military applications...
I don't know. Who?
 
 IDK exactly what algorithms we use here in military radios. Even though i was trained on them.

The banks have far more influence over the levers of power than any Director-General of the NSA. They need cryptography algorithms to work, or else they'd have to reopen a lot of physical branches.

That doesn't mean they need Tor's _implementation_ of those algorithms to work, but thats a much smaller problem, and one we covered in detail alreadyc