As a copyleft person, I suggest all operating system should integrated with I2P, Tor, and other p2p infrastructures.

As a programmer for years, I'm pretty happy with open source licenses, which allows you to use the code under those agreements. While copyrights, they are just stop people from spreading information and knowledges, and they failed to protect authors.

At least, everyone should be able to redistribute the original copy.

@skyblond Tor can be dangerous. There are still quite some sites without SSL/TLS or with invalid certificate. Routing your traffic via tor exit nodes to such destinations is very risky.

@tyAnT
Wow, that's something new to me.

I thought their traffic is end to end encryption, like i2p tunnels.

(Thinking for a while before smash the send button)

Wait... Do you mean normal http site going through tor? If that's the case, then any site without SSL/TLS is dangerous, no matter it's tor or i2p or normal internet.

Onion sites are e2e encrypted, right?

@skyblond traffic between onion nodes has layered encryption. You have three nodes in the circuit and entry node does not know your destination, exit node does not know where you came from. However let's say you are not the most technical person and you use tor to access destination over plain text risk significantly increases when using tor - thehackernews.com/2021/05/over

@tyAnT

The same issue happens without tor. In China, they (ISP and government) will see what you're accessing if you use plain HTTP without any encryption.

In any situation, using plain HTTP without proper protection would be bad and risky.
Either encrypt them by transportation layers like SSL/TLS, tor, and i2p, or by the software itself (sending encrypted data over an insecure connection)

@skyblond it is bad in any case for sure, my point was only that doing it over tor increases the risk however I did not account for authoritarian state scenario. I suppose in these states government also demands the installation of their certificates into trusted root certification authorities certificate store although I do believe this is the exact reason why firefox and chrome use their own stores, seperate from the operating system's one. I would assume that technically advanced totalitarian regimes also have the ability to detect and block tor traffic and even detect the usage of tor bridges (entry nodes that are not publicly listed).

@tyAnT

Yeah, Tor is almost dead in China. Only snowflakes work, but they are not very stable.

@skyblond I guess routing traffic through ssh toward some remote vps is still a possibility. This way everything is encrypted and I think it would be very hard to distinguish this traffic from legitimate ssh session. However I do not know the details of the surveillance mechanisms and I have no idea about any repercussions. One thing is certain, although this would be a secure connection it would also be clear to anyone watching that this is encrypted outgoing connection. So there is that.

Follow

@tyAnT

This not work in China. Somehow they can distinguish the difference between normal command line usage and ssh tunnels.

I guess that's because the amount of data you transferred. Normal ssh doesn't need too much data, where the HTTP over ssh tunnels send a lot of data back and forth.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.