Whats the point if all exit nodes know where you are? wouldnt

>>58968091
>Whats the point if all exit nodes know where you are?
*leans into mic*
wrong

think about an onion my friend.

>>58968091
Encryption for the connection tunnel changes during every client hop. Nodes also change IP addresses as the ARP table is constantly changing.

Also, you can't just say "hey this IP belongs to this machine..." you would have to monitor the traffic coming from the client and arriving at the correct destination.

The exit nodes do not know where you are.

Not sure where you got this idea from.

Go to the tor website and read how tor works instead of reading reddit posts or whatever

>>58968142
https://www.deepdotweb.com/2015/04/26/70-malicious-tor-exit-nodes-exposed-by-siganit-org/
https://blog.daknob.net/running-a-tor-exit-node-for-fun-and-e-mails/
http://security.stackexchange.com/questions/111686/tor-exit-node-can-know-my-ip-address

>>58968194
The only way an exit node would know your IP address is if all the intermittent relay nodes are also under it's control, this is quite possible if you have access to enough machines on the TOR network but generally impractical for anyone not a multinational government agency. Or if it were to inject a malicious script into the data stream that caused a badly configured browser to make a request to a specified site either using a none TOR path or including the IP address in the request. Injecting a Javascript into a html page at pass-through is very simple quite a few free VPNs have done that in the past to insert advertising but it will require the browser to be configured to run the script and send the request, no security is 100%.

>>58968194
If you'd understand those examples you'd realise that there is one piece of information you lack:
Tor exit nodes can see everything you give them. They handle any unencrypted content.
So, if you're using websites that transmit unencrypted data, chances are you're leaking your IP address. Especially since sites tend to use your IP address in their session tokens...

>>58968194
Your first link is an example of a horrible error of judgement on part of sigaint when they decided to drop SSL. Users are also to blame - they shouldn't have trusted address found in a web page without SSL.

Your second link is just some blog about tor configuration, though I haven't read it all.

The person on stackoverflow has some serious misconceptions about the internet. If your tor browser is properly configured, this is all the nodes can know:
- entry node knows your ip an your choice for second relay node, it doesn't know anything about the content you're sending,
- relay nodes know nothing about you, thet get some packages, they forward them, but they don't know where they originate and where they will end up,
- exit node makes a request to a website on your behalf, but it doesn't know where that request originates. If the website uses https, it only knows the receiver address, but not the contents. If the website uses plain http, exit knows the content. That might include your user name and password, but it will not include your ip. And even malicious javascript queries shouldn't be able to include your ip, given that it shouldn't even see this info in a properly configured tor browser.

Tl;dr If there is at least one uncompromised node in the path, the only way for your attacker to connect your ip to your requests is timing correlations.

>>58968091
>exit nodes
Optional.
I rarely use Tor with exit nodes.

Does tor actually work? If I use it properly will the government and my ISP not know the porn I look at?

>>58968746
In theory and practice, yes.
But some types of porn are targeted by the FBI, so don't go into porn that's illegal in the US.

>>58968091
Tor is a trap for retarded pedos. Let it be.

>>58968736
watch out we got a smart ass here -_-

File: 1469629255731.jpg (34KB, 705x565px) Image search: [Google]

34KB, 705x565px

am i better off just not using TOR if i want to avoid NSA/FBI attention?

>>58968877
use a vpn with servers based in neutral countries like swiss or norway.

>>58968877
Reported your post to the FBI, just in case.

>>58968966
Why trust any service at all? Maybe your ISP just doesn't give a fuck what you do or aren't monitoring you.

Set up a virtual machine running Linux, add a VPN inside it and download the Tor Browser Bundle (there's a sandboxed version available or you can set up firejail). Next create a Whonix gateway and tunnel the first VM through it. Finally add a VPN outside the VM, and if your router supports it, you can add yet another VPN. Make sure the VPNs are in different countries, preferably even different continents. You're now safe from all alphabet agencies.

>>58969212
thats terrible. its safer to boot into tails, since a vm relies on the host to be secure (which its not)

>>58969212
only if your host isn't running Wintendo

>>58969234
when was the last time you audited the tails source code
nsa shill

>>58969234
What about the hardware backdoors?

>>58969254
>>58969254
>>58969254
at least i did a md5 and sha1 test and installed from an uncompromised system.

>>58969319
>>58969319
nothing is safe on compromised systems, obviously youd need a code for communication. Reminder all modern intel systems, some amd systems, computers with uncovered mics and cams, all windows systems and all apple systems are compromised systems. Also a reminder that its good practice to disconnect your speakers since they can be used as a microphone.

>>58969399
md5 and sha1
that will help loads when the source is already backdoored
how can you know without doing a full code audit yourself

>>58969399
>Also a reminder that its good practice to disconnect your speakers since they can be used as a microphone
source? wtf i hate speakers now!!!

>>58969452
why do you post like this

>>58968984
Reported you to the FBI too, just in case.

If you visit shit like facebook then you deserve to get owned but if you're in the tor network you're relatively safe. Avoid operating in any of the 14eyes countries. Best VPNs are in Switzerland