Hey everyone.
Great, a Tor discussion =D my favorite topic lol.
So, I will jump the basic stuff, you probably know about that already and if
you don't you can take a look at the tor project homepage (or just send me an
email and I will help if needed).
Fisrt, you are FINE running the tor browser as both a client AND a relay (not
an exit node).
It will hardly help your anonymity, beacuse it's EASY for an atacker to know
if that data was generated by your browser or if it was previously relayed to
you from another point. Still, I believe you should run it as a relay if you
can (some ISPs won't allow that, mine for example, stupid bunch of people
-.-), and you can easily do that in the vidalia options choosing to become a
relay (if your ISP doesn't allow that, you will be unable to estabilish the
necessary connection anyway).
So.... how safe is Tor and do we need more relays?
We need more relays, but as the Tor team as already stated, it's not about
having more relays, it's about improving the network. For example, you can
have a bilion relays, but if you are accessing a hidden service, it will
still go through 6 relays and that will take a lot of time anyway. So, yes we
should grow the network, but that's not the final solution.
How safe is it? Well, that depends... if you listen to some speechs made by
Roger Dingledine and Jacob Appelbaum, you will notice that they are VERY
aware of the imperfections of the Tor system. They clearly state that Tor
will hardly be able to defeat a global adversary. And I can understand that,
if you can look at all the traffic of each person who uses the Tor network,
all the exit nodes, AND all the websites that are visited by Tor exit nodes,
you can cross reference that information and know "who is who".
But let's be honest, are we all really up agains't China or NSA? For me
personally is more about not having my ISP snooping on me, not having my
neighboor trying to play a "cracker" figure on me and watching my every move
online, not having someone who has a friend on the police trying to get
information about me just because he wants to, not having someone on the
internet getting mad at me and trying to locate where I live and threaten
me.... You know, I use a couple of global adversary capable defensive
mechanisms, but I am not really trying to go up agains't them, I am merely
trying to make things harder for the people "around me" who might have some
reason to attack me, so that I can have PRIVACY.
I don't want my life insurance to grow more expensive just because I searched
about some disease online. You understand?
I use Tor most of the time, but I don't use Tor to access my personal email.
Why? Because that's the email that I decided "this will be my online
identity, and I will not hide that's me". It's my official email, you know?
In the same way, I don't visit my "secret" email account's without Tor
(because it would be CLEAR that it was ME and not an exit node visiting the
email account, and anonymity would be destroyed).
I am not sure if someon has alrady posted this or not, but the EFF has made a
graphical presentantion of who can see what about your internet connections,
if you use Tor, HTTPS, both or none. Take a look at it in:
https://www.eff.org/pages/tor-and-https
As a couple of final notes ( I might write a tutorial on online prviacy one
of these days, lol) I will alert you that you shouldn't change the Tor
Browser configuration (it will make you susceptible to browser
fingerprinting) and if you want to make ONE change that might help to protect
you, just choose to block javascript globally, as it will prevent some
malicious smart ass javascript from attacking you. Usually I chose not to
have javascript allowed.
