Is this even accurate? - Bearded IT Guy on TikTok

Sure, you could say don’t trust the exit node (if using decades-outdated HTTP sites, very unlikely). You should be using HTTPS sites anyway (80% of the web and 99% of login sites are HTTPS, so this really is a non-issue mostly (as long as you don’t blatantly accept false certificates from sites); if using the HTTPS version of a site, the exit node can’t read the data anyway!).

Tor is open source and run by volunteers around the world. Its source code is pored over by many, many highly skilled individuals interested in protecting human rights/civil liberties. We can’t say the same about any VPN.

For balance: On the VPN plus side, if you are worried about ISP snooping on metadata, the right VPN can prevent an ISP from reading that metadata, but then you are just shifting that trusted data over to the VPN provider to read (if they want). Using Tor does all this + hides your ISP IP from the other Tor servers and website using extra layers of node separation + multi-layer encryption in the middle of transport.

Examples of why not to trust an unknown VPN:

July 2020: 7 “no log” VPN providers accused of leaking: https://www.theregister.com/2020/07/17/ufo_vpn_database/

Also on using a VPN: Since you shift the data your ISP would normally see over to the VPN… Do you trust the VPN provider more than your ISP? Something to think about.

On the free VPNs, ask yourself: how are they making money?

I’m not against VPNs; some undoubtedly are very legit (not all). Over Tor, your ISP IP connected to the entry node is not available to the exit node (even in the case they somehow manage to control your exact exit and entry node, the middle node is yet another layer of encrypted separation).

As mentioned, I am not against all VPNs. But if it comes down to my personal safety, and I can only choose one, I choose Tor over any VPN.

Malicious exit nodes are a thing, but as long as you’re using an encrypted channel (HTTPS/SSH/SSL) you’re secure.

Using unencrypted protocols over Tor is bad, in exactly the same way using unencrypted protocols over the plain internet is.

Not only that, but ALL internet connections make a dozen or more hops to their destination across various networks - which is just as much reason to encrypt your communications.

What is this?

  1. That is 7 nodes. Tor uses 3 for normal internet or (usually) 6 for onions.
  2. “If you’re unlucky enough to have your laptop before the internet be one that is controlled by a hacker, your data is not secure at all”
    What? Your laptop?
    And this is just false. Tor uses HTTPS everywhere, and most any website worth visiting nowadays uses HTTPS. Onion traffic is also encrypted.
  3. He states that “If you have a VPN in between you are secure”, which is somewhat false.

It just shows, don’t get your information from random internet strangers, no matter what they call themselves

It’s just fearmongering.

Your ISP definitely is fucking with your traffic (esp. DNS traffic). This argument isn’t only spurious, it’s based on a view of how people used the internet 10 years ago.

In part it is. There have been a number of instances where Tor exit nodes have been used by threat actors as a means to extract valuable information. Here’s one such event that seems to have taken place this year: https://www.coindesk.com/tor-network-compromised-single-hacker-stealing-users-bitcoin-report

It’s not the end of the world, however. This agent could eventually put his hands on some valuable information with his operation but only if non-encrypted traffic was passing through his nodes or if users who were sending encrypted traffic failed to recognize that communication was taking place with unauthenticated hosts (he was performing “SSL stripping”, it seems). That being said, end-to-end encryption is a pretty safe mitigation.

Other than that he seems to have failed to address the events pertaining to compromises of VPNs.

So basically this guy doesn’t know what he’s talking about, right?

He knows a little, but not enough to know where he’s wrong. Like all of us I suppose. He may also be dumbing it down a little too far and over-simplifying.

Also, the same attack he’s saying can happen in Tor can ALSO happen with an untrustworthy VPN service. The difference with Tor is that there are thousands of exit nodes. Not all of them are likely to be evil. You’d have to subscribe to thousands of VPNs and choose from them randomly in order to have the same odds as Tor.

“[Open source] makes it easier for the people who are trying to find attacks into their system to do so”. Yep, doesn’t know enough.

The more comments of his I read, the more I question where he gets his info from.

Yeah, he totally glosses over the fact that open source also means that people can find bugs and submit patches to fix them.

And as I replied earlier, VPN providers can be evil too – and they can infer your identity through your payment method – whereas Tor is free to use, so no payment info to use to identify you.

I now have a f#cking TikTok account, just so I could read the comments (I can’t f#cking comment or I would put him in his place.)

Edit: I’m installing TikTok on my mobile to see if that allows me to comment.

Edit 2: I can’t access his account now.