• kitnaht@lemmy.world
    link
    fedilink
    arrow-up
    3
    arrow-down
    3
    ·
    edit-2
    13 days ago

    https://www.malwarebytes.com/blog/news/2024/10/tor-browser-and-firefox-users-should-update-to-fix-actively-exploited-vulnerability

    This was just in October. This is only the latest in a long history of Tor being a target for attacks. Sorry you’re ignorant of that fact, but Tor is quite possibly the worst choice for any task. A VPN will always be faster, more reliable, and more secure.

    Here’s another in January: https://www.securityweek.com/tor-code-audit-finds-17-vulnerabilities/

    And, it’s basically the only service where it relies on freely added Tor exit nodes, where anyone can set up a node and start siphoning off data – as data between the exit node and your end path is NOT protected.

    Granted, this is the same for VPNs, but anyone can set up their own Tor Exit node. VPNs have a business incentive to make sure not just anyone is in the chain for access to that data.

    I can fully saturate a symmetrical gigabit connection with my VPN. I can’t touch a fraction of that with Tor.

    Tor is for oppressive countries where anonymity and misdirection are more important than performance. It’s literally worse than a VPN in every single way unless you’re concerned with a major country coming for your head. And even then - Tor isn’t going to save you.

    • PhilipTheBucket@ponder.catOP
      link
      fedilink
      arrow-up
      3
      arrow-down
      4
      ·
      13 days ago

      I typed up a long sarcastic response as to why this isn’t true, but I think I’m going to let you keep believing these things. If you think VPN-using browsers do not have vulnerabilities that need updates to fix actively exploited vulnerabilities, or that data is protected between the exit node of a VPN and the end path, then I’m going to let you keep thinking those things. I’ll never stand between a person and their dreams.

      • kitnaht@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        3
        ·
        edit-2
        13 days ago

        Read your own damn article:

        Because it’s designed with privacy and anti-surveillance in mind, it generally runs slower than the regular internet and is not designed for content streaming.

        For Fucks sake…

        If you think VPN-using browsers do not have vulnerabilities

        VPN is not “a browser”, it’s a network stack. It is separate from whatever you use for a browser. If you use Tor, you still use a browser. So your argument is absolutely coming from an asinine point of view where you clearly don’t understand the technologies behind each.

        • PhilipTheBucket@ponder.catOP
          link
          fedilink
          arrow-up
          3
          arrow-down
          2
          ·
          13 days ago

          VPN-using browsers

          VPN is not “a browser”

          Diesel-burning cars

          Diesel is not “a car”

          See how language works? You need to relax man.

          • kitnaht@lemmy.world
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            edit-2
            13 days ago

            I’m pointing out a false equivalency argument here, not arguing about your semantics. If you wanna start arguing the definitions of words, you’ve already lost.

            • PhilipTheBucket@ponder.catOP
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              13 days ago

              Tor is for oppressive countries where anonymity and misdirection are more important than performance. It’s literally worse than a VPN in every single way unless you’re concerned with a major country coming for your head.

              So it’s… … more secure? I generally agree with this statement. The performance is worse, which makes it unsuitable for some things.

              VPN is not “a browser”, it’s a network stack. It is separate from whatever you use for a browser. If you use Tor, you still use a browser.

              Yes, which makes it kind of silly that you originally highlighted a vulnerability in the browser as a problem with Tor. Tor is also a network stack, but it’s most often used through a bundled-in specific Tor browser, which sometimes has vulnerabilities. Most VPNs don’t bundle a browser, but the browser that’s using the VPN still sometimes has vulnerabilities. They stand in exactly the same relationship, in terms of vulnerabilities in the browser. Neither one is better than the other. That’s the point that I was making. I can absolutely assure you that I understand the technologies involved.

              • kitnaht@lemmy.world
                link
                fedilink
                arrow-up
                2
                arrow-down
                1
                ·
                edit-2
                13 days ago

                It’s less secure. Tor encrypts your BROWSER data. VPN encrypts ALL of your data. Your browser isn’t the only thing that you have to worry about regarding privacy.

                Do you see how that would make Tor less secure than VPN? Is that clear?

                • PhilipTheBucket@ponder.catOP
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  13 days ago

                  I think you should share this way of looking at security with some security professionals, and see what they say about it.

                  I know some people who recently wrote an article, for example, which said among some other things:

                  The simple answer is that you can’t and shouldn’t trust either free or paid VPN providers. … For some, using a VPN can be as dangerous as not using one.

                  And your government can seek grounds to demand access to your browsing data anytime it wants — including retroactively — which can also include demands to access data from VPN providers, defeating the very point of the privacy you sought.

                  Security experts consider the Tor network the gold standard of private browsing because it allows you to access the internet without censorship or surveillance.

                  Instead of relying on a single tunnel to hide your internet traffic, Tor works by encrypting and routing users’ internet traffic through thousands of servers around the world, shielding their activity from other servers and the outside world. Because of Tor’s implementation, no single Tor server can see your browsing data. That means even if a Tor server is compromised, the attacker still cannot access the users’ browsing data within.

                  Because Tor is open source, anyone can inspect its source code to ensure that it’s safe to run.

                  And so on.

                  You’re not wrong that a VPN will shield your non-web traffic, and if you’re doing something sensitive outside of HTTPS and the associated DNS, then Tor won’t help. It also won’t prevent someone from stealing your car or breaking into your house. And, the same very serious vulnerabilities that apply to free or commercial VPN providers will apply to all of that non-web traffic.

                  The same article with the above useful tidbits of information also includes a guide to setting up your own VPN, which can be made actually extremely secure against some threats, if you do want to secure non-web traffic. Tor is still much better at protecting your web traffic, assuming that you’re doing something for which it is suitable.

                  Hope this helps. Let me know if you have any questions.

                  • pineapple@lemmy.ml
                    link
                    fedilink
                    English
                    arrow-up
                    3
                    ·
                    edit-2
                    13 days ago

                    There are ways to send all of your internet traffic over tor. For example tails os does it by default.

                    And tor is definitely more secure than a vpn. Any VPN company can just log all your internet traffic and sell it if they want to. Compared to tor you will need to gain access to at least 2 nodes that the internet traffic goes through in order to get any mildly useful information, that is significantly harder than with a VPN.

                    Also I just wanna say arguments like these are so fun to read

        • PhilipTheBucket@ponder.catOP
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          13 days ago

          Actually, I should have said specifically: It is true that Tor is slower and unsuitable for some applications, streaming and torrenting being two of them. It was more your statement that it is somehow less secure that I was disagreeing with.