I mean, it’s not that expensive to start an exit node, and requires “only” knowhow to mess with someone’s unencrypted browsing, which is what the first and third did. I can’t remember now if Onymous actually managed to break Tor anonymity - I’m pretty sure good-old-fashioned stings turned out to be a big part of it.

IIRC the two-node timing attack I was thinking of was an academic demonstration. Because it’s too non-specific to be very useful.

That excerpt still says it was deployed to all the businesses listed above it, though. So yes it was being used however those businesses used it.

It was in the OpenSSL (for example) as an option you could manually enable. Who knows if anyone actually did, given that everyone who knew enough to specifically ask also heard it was suspicious.

Post the next paragraph too.

Moreover, the algorithm had been shown to be insecure in 2007 by Microsoft cryptographers Niels Ferguson and Dan Shumow, added Mr Clayton.

“Because the vulnerability was found some time ago, I’m not sure if anybody is using it,” he said.

But your comment implied that because it is open source it automatically means that it is safe and trustworthy and that isn’t true.

Well, your comment implied that OP shouldn’t trust Tor. OP should trust Tor at least as much as they trust their own device, which almost certainly has closed-source components I’d rather target if I was the NSA. (Or the Chinese, or…)

Since this user wanted an in depth conversation on the topic I don’t feel like its “ritualistic purity” to disclose all that I said above.

Except in-depth isn’t what was offered. This reply appears all the time in regards to Tor, and it never comes with alternative suggestions. So yeah, I suspect something irrational is motivating it.

But most people who looked at the NSA’s backdoored encryption noticed it was sus and didn’t use it (as I remember it, that was a decade ago). Per your link, at the time of publishing it was unclear if anyone was using the effected version.

Okay, sure. Open source doesn’t mean completely safe, but if it’s a well-known package it does mean much, much safer. Public public affiliations don’t even say much about who authored whatever thing; here’s a another near-miss that illustrates that - which is why this can feel more like ritual purity than an actual security argument.

So what should OP use?

Hmm, no, you’re right. XFCE had it’s first release in 1997 vs. 1999 for GNOME. I guess I just didn’t hear about it until GNOME started having controversy.

neither was resource hogging sugar coated unconfigurable GNOME as we know today.

Yeah, that might be the real thing. Tails had it’s first release in 2009, and it’s possible they just haven’t moved over yet.

IIRC only for a tiny, non-selective subset of users unlucky enough to pick your two bad nodes. Otherwise Tor would basically be dead.

Was XFCE a thing when the project started?

If you don’t trust your own hardware or are worried about a session being compromised it also offers some protection - especially if you have a physical read-only switch on your media.

Tor isn’t on postquantum encryption yet, which is less than great.

Besides that, about as good as it gets, and at the cost of being less usable.

Yeah, but it’s open source, so so what? When people say this it seems like either cope to justify doing nothing, or some kind of ritual purity thing.

Guns are a great example under “accepting we’re mortals in an ugly world”, actually. Nobody is seriously claiming they’re going away, but the way they’re talked about by the left, you would think undoing a technology is on the table.

I mean, you can still want more gun control, and most other nations have gone that way, but the only people mentioning they’ll still be around in some way tend to be on the right - because that’s ugly.

For example: the US flag. It has become a stereotype in the US that if you fly an American flag on your house or car, you are a conservative/right-wing nationalist. “America bad” is a lefty stereotype for good reason.

Fun fact, it was leaking into Canada for a while. Unnecessary maple leafs meant you probably didn’t like vaccines or Trudeau. Then you guys (well, Trump; we know there’s another party) talked about annexing us and made patriotism neutral again. Thanks?

January 6th was a weapons demonstration, not a real attempt at coup.

That’s an interesting way of looking at it, although I’m not convinced it wasn’t just stupidity on their part. The right also have hangups that will self-correct, in their own way.

That’s kind of what I was going to say about tribalism as a force, too. Nobody turns their noses up at an Irish name today, and nobody will be impressed by lifted pickups and ill-informed scriptural references in the future. The idea of elected representatives has been around for centuries, though.

Caring about tech issues seems more like a gen X/Millennial thing to me. Most of gen Z hasn’t figured out the problem yet; most older people just see a magic box. Obviously there’s exceptions at both ends.

Edit: And gen Alpha might be old people all over again in a different way. We’ll see.

Conservative-coding of things that are actually just healthy personality balance is a real thing. Bravery, duty and basic acceptance we’re mortals in an ugly world also come to mind.

There’s enough history written down to say for sure it’s going to self correct. Hopefully not in the “everyone like that went to a camp, but some of their ideas found a new audience a century later” way.

You must have a very left-leaning sample of boomers.

Yeah, I’m still not used to those either.

Since this is Lemmy, I’m required to ask if you’ve considered a custom ROM.

Another vote for Rexodus.

Maybe the latest discovery by Dragonfly.

Far fewer people will be able to read it, without doing something illicit and maybe expensive, although certain countries will still be free enough. On the other hand, it (or PieFed or a future version) could be endorsed by the remaining nations, or just have had some more exoduses of users come in.

Slight chance the AI winter we’re going into is short and some specific fusion with classical algorithms succeeds at AGI, so singularity stuff is going on and being posted about. 2038 problem, as someone else mentioned.

Edit: Q-day stuff could be done, coming soon or ongoing. If it’s done - which I kinda expect - it’s still a massive source of both breaches and fun mods on old, locked software and hardware.

Allowing calls to proliferate in the first place and be addressed would indicate some level of free speech.

5% sounds high just by how things are, and how little people understand what it is. I’d buy 1%, though, and that’s something.

Trump is right that Canada in between the lower 48 and Alaska is border gore. But there’s another solution…