request for general ideas related to TOR

[dazedandlost]

Ok, I admit it, I am a privacy nutcase. I recognize that privacy is hard and complex, some people may think that the available gains are not worth the effort and sometimes what a person does intending to enhance privacy actually diminishes it. I’m also not very good at it.

Nevertheless, I think I am about to continue my timid venture down the TOR rabbit hole for a small, but with a bit of sharing among neighbors, home lan.

I read:
https://www.snbforums.com/threads/using-tor-dnscrypt.23782/ and

Tutorial - Using TOR to unblock sites blocked by ISP on [Fork] Asuswrt-Merlin 374 LTS

Install MicroSD into device. Format MicroSD as a single partition and install Entware on it using amtm. [/SPOILER] UPD: script updated, no more spam.

www.snbforums.com

which were the only results for a quick search of SNB.

And I have been using the Tor Browser. It has usually been fast enough for what I do but it does have some irritations.

So as to hopefully reduce the likelihood of getting too far up a blind alley, I request your opinion as to the best place to run TOR. I see where Merlin makes it available, I could put it on a firewall or I could simply continue with the browser.

Thanks in advance for any general comments, pointers, etc.

 

[Tech9]

but with a bit of sharing among neighbors

Stop sharing your Internet connection as my first advice. You are personally responsible for everyone's activities online.

 

[heysoundude]

I think you need to be a tad more specific about what you're wanting to share - TOR may not be the best way.
if there are files involved, you may want to look into IPFS

 

[dazedandlost]

Stop sharing your Internet connection as my first advice. You are personally responsible for everyone's activities online.

I know that this is good advice, and thank you. For the moment I am doing it anyway, with some disquiet, having taken some small steps to mitigate a bit of the risk.

I think you need to be a tad more specific about what you're wanting to share - TOR may not be the best way.
if there are files involved, you may want to look into IPFS

Except for the connection itself, there is no sharing intended. I mentioned that characteristic of my setup only because I wondered how easily TOR could be confined to one or two lan ports on the router and kept more or less completely away from the other ports and I am completely ignorant about Merlin's implementation.

My very limited intention here is to do as much as is reasonable to enhance and preserve my own privacy.

 

[Tech9]

My very limited intention here is to do as much as is reasonable to enhance and preserve my own privacy.

TOR nodes are known, it's trackable, it only draws more attention, if someone is interested. What exactly "privacy" you are concerned about?

 

[dazedandlost]

TOR nodes are known, it's trackable, it only draws more attention, if someone is interested. What exactly "privacy" you are concerned about?

I have been thinking about how to answer your question as it relates to where the best place to run TOR might be (router and/or firewall and/or browser) and what characteristics of Merlin's implementation might be suitable for that. Because of the complexity of privacy as such, I guess the best thing for me to do is to refer you to the dictionary definition.

Also, I am curious as to why, if TOR is as defective as your comment suggests, it seems as if TOR has been quite widely adopted.

 

[bennor]

Also, I am curious as to why, if TOR is as defective as your comment suggests, it seems as if TOR has been quite widely adopted.

Because it's free, that's one main reason why its widely used. But anyone who takes the time to research TOR, and who created it, will understand that it has its potential security and privacy issues. Anyone who is serious about privacy should research paid VPN vendors, or if wanting to setup one's own VPN, look into OpenVPN and WireGuard and other self installed VPN server/client options.

 

[Tech9]

I guess the best thing for me to do is to refer you to the dictionary definition.

If you look at that definition, unplug the cable. It doesn't apply for Internet communications. Not sure about your privacy, but work on your patience. The way TOR works means you have to wait longer for everything you want to see on Internet. Some things you won't be able to see at all. Your choice.

 

[L&LD]

Anyone serious about privacy should stay well away from paid VPN vendors. Privacy isn't possible when you're online. A VPN just allows you to choose who you may be hacked from.

 

[dazedandlost]

There is no way I can keep a determined criminal out of my house, especially with the laws against so-called fortified buildings, but I still put a lock on my door. Not that it offers much protection - it took me less than five seconds to get in after I came home without my key to a locked door. But I still lock the door when I leave even though I sometimes wonder why.

So if I were determined, and had the patience, to run TOR, where do you think might be the least bad place for it? I also run NordVPN, although part of L&LD's comment has given me pause, and I have read that running both together might be a very bad idea. Are things like OpenVPN and WireGuard and other self installed VPN server/client options subject to the same drawbacks and flaws, or is it the "paid for" aspect that adds to the problem?

Also if TOR is as defective as some may think, why did Merlin implement it in his firmware? Or am I misunderstanding yet something else? Would anyone be willing to point me at a thread or a changelog or some other place where Merlin's implementation is discussed?

 

[L&LD]

It's not the paid for part... It's the fact that you don't control both ends of the tunnel.

And on the networks that you do control both ends, privacy and security ends with either end reaching out to the 'net.

 

[dazedandlost]

It's not the paid for part... It's the fact that you don't control both ends of the tunnel.

And on the networks that you do control both ends, privacy and security ends with either end reaching out to the 'net.

If you don't mind my asking, what, if anything, do you do? I am not one who finds the "if you have nothing to hide" line of argument persuasive.

 

[bennor]

@dazedandlost
It really comes down to what you are specifically trying to achieve. I've read your posts and not seeing any specific indication of what your ultimate end goal is beyond the nebulous overly broad concept of "privacy". Are you trying to obfuscate your browsing or file downloading online? Are you trying to obscure your IP address? Is it to obscure torrent traffic? Is it to have secure encrypted file transfer? There is a lot of dancing around but no indication of what exactly you are trying to achieve using TOR or any other VPN service.

As indicated or alluded to by others, unless one controls both ends of the VPN/TOR tunnel (source - destination), one's network traffic generally has to leave a VPN/TOR exit node somewhere to reach it's destination on the Internet. (edit: same goes for the return path traffic - travels the internet to reach the entry node for VPN/TOR)

 

[Tech9]

Also if TOR is as defective as some may think

Who said it's defective? Quote, please. It's available and it works, but will give you more headaches then benefits. Services you connect to online know TOR and VPN and some will refuse your access. You limit yourself - the door you are talking about is locked with you inside the house. Every now and then we see threads by privacy obsessed folks. Unfortunately, most dig in a wrong direction. Here is an example with public VPNs - the tunnel goes right through your filtering DNS services and IDS services, AiProtection in Asuswrt, for example. You think you have privacy and protection, but in fact you're opening a door straight back to you. Do you like it this way?

I've read your posts and not seeing any specific indication of what your ultimate end goal is

Indeed.

 

[L&LD]

If you don't mind my asking, what, if anything, do you do? I am not one who finds the "if you have nothing to hide" line of argument persuasive.

What do I do for privacy and security?

Act like my mother and my teacher is watching my online activities.

 

[dazedandlost]

You gentlemen are challenging my thinking and I thank you for that.

privacy and security ends with either end reaching out to the 'net.

This is likely true for much of the general context existing at the end points (on the internet or in real life). I don't believe it's necessarily true that privacy must necessarily evaporate between those end points, along the way or for any side trips. In fact, I think it could be argued that much of the point of privacy is to keep as many of those nodes as separate as possible.

It really comes down to what you are specifically trying to achieve. I've read your posts and not seeing any specific indication of what your ultimate end goal is beyond the nebulous overly broad concept of "privacy". Are you trying to obfuscate your browsing or file downloading online? Are you trying to obscure your IP address? Is it to obscure torrent traffic? Is it to have secure encrypted file transfer? There is a lot of dancing around but no indication of what exactly you are trying to achieve using TOR or any other VPN service.

I don't think the concept of privacy is nebulous or overly broad. But to respond to your question specifically, at the moment I'd like to obfuscate my browsing and obscure my ip. I'm not concerned about file transfer and I know, and right now want to know, nothing about the specifics of torrent beyond how to misspell it. I apologise if you think I have been dancing around; I don't see it exactly that way.

Who said it's defective? Quote, please.

Huh?

I said: “Also if TOR is as defective as some may think ...” and, immediately above your question, you yourself provided the quote you ask for.

I apologize if I could/should have chosen a better word but the inference behind the comment seems to me to be fairly clearly set out in some of the previous comments in this thread, so I won’t detail them explicitly unless you want me to.

What do I do for privacy and security?

Act like my mother and my teacher is watching my online activities.

And if you continue to enjoy an immense good fortune not shared by many, neither of these wonderful people will change their opinions and apply their new standards retroactively with lethal (figuratively speaking) effect.

Every now and then we see threads by privacy obsessed folks. Unfortunately, most dig in a wrong direction

"privacy obsessed" or "inexcusably careless" - depends on one's point of view and what one considers either important or irrelevant, doesn't it?

To reduce my chances of digging too far in a wrong direction was precisely my hope in opening this thread. Looking back, I should probably have rephrased my opening question along the lines of: What are the advantages/disadvantages of running TOR on a router vs firewall vs in the browser.

I find the complete absence of any comment from anyone about Merlin's implementation rather curious.

 

[L&LD]

Yes, privacy does necessarily evaporate when you go onto a public network (i.e. the internet at large), or, when you connect to another website/server, etc. that you do not control but need/want to have an interaction with. That's in the definition of privacy!

How we act online (affecting our privacy/security) isn't up for mere 'opinion'.

Just like showing up at a bank with a gun in hand gives people an impression (usually, negative) of your intended actions, so does the use of TOR, etc. when you're online has the same effect too.

The difference is that in real life, you can hide the gun, and hide it quite effectively, as long as you want. On the 'net, you can't hide anything (if given a person, entity, country with enough resources to hunt you down).

Use a different public road to travel between two underground parking structures/buildings that you wholly own in a fully blacked-out vehicle, randomly, and without letting anyone know you're doing so? That's what Private VPN offers when you're online (you're controlling both 'ends').

Use that same fully blacked-out vehicle to go to the mall to go shopping, or visit a friend? That's what paid-for VPN offers, but they don't tell you that, of course. Once you step out of the vehicle at your destination (i.e. the 'mall', in our example here), your security and privacy have effectively gone out the window.

There will never be 100% full security or privacy when we're on the 'net. Acting like you know that is the biggest thing to keep you 'safe'. Even when we need/want to interact with other entities online, we always give some of our privacy up (whether we know it or not).

This has nothing to do with good fortune or changing anyone's mind, as the above clearly highlights.

This is the state we're in, now.

 

[heysoundude]

I have been thinking about how to answer your question as it relates to where the best place to run TOR might be (router and/or firewall and/or browser) and what characteristics of Merlin's implementation might be suitable for that. Because of the complexity of privacy as such, I guess the best thing for me to do is to refer you to the dictionary definition.

Also, I am curious as to why, if TOR is as defective as your comment suggests, it seems as if TOR has been quite widely adopted.

I would hesitate to force a home interweb connection to use TOR...individual devices, or the browser on individual devices, yes, sure...but not a whole WAN connection.
You may have seen their posts - @garycnew is doing stuff with TOR around here lately...maybe you should DM them and see what they suggest?

but back to your first post...sharing. you havent given us your use case. that may help you get a better answer than a debate about VPNs and online anonymity/"security"/privacy...if it's pics of the neighbourhood street party where Mrs X was doing risque things with Mr Y and now Mr X and Mrs Y want divorces from their spouses, maybe that stuff just shouldn't go anywhere near internet connected computers and travel via sneakernet (I'm of a mind it shouldn't be disseminated, personally, but...), you know?

 

[dazedandlost]

but back to your first post...sharing. you havent given us your use case.

I thought I had. See here:

But to respond to your question specifically, at the moment I'd like to obfuscate my browsing and obscure my ip. I'm not concerned about file transfer and I know, and right now want to know, nothing about the specifics of torrent

What am I failing to disclose? (Actually, I'm more interested in the generalities than the specifics atm, but these are the ones I would be most concerned about.)
I think I may have overemphasized the "sharing" aspect of it simply by mentioning it. While not identical, it's not really very different from two family members sharing the same internet connection; one being very concerned about privacy, the other couldn't care less.

I would hesitate to force a home interweb connection to use TOR...individual devices, or the browser on individual devices, yes, sure...but not a whole WAN connection.
You may have seen their posts - @garycnew is doing stuff with TOR around here lately...maybe you should DM them and see what they suggest?

Thank you for this. Helpful. I will put checking it out on my list.

 

[dazedandlost]

Yes, privacy does necessarily evaporate when you go onto a public network

Some does, yes certainly, but not all. You make valid points, and I have some understanding of your excellent analogy.

I believe I made some valid points as well.