Slashdot Mirror
A 14-Year-Old Asks: When Should I Get a VPN?
"One of my students sent me this letter," writes Slashdot reader Hasaf. "I have a good idea how I will answer, but I wanted to put it before the Slashdot community." The letter reads:
Right now I am 14 years old, I was wondering when I should get a VPN... I was thinking about getting the yearly deal. But right now I really have no need for a VPN at the moment. I was thinking of getting a VPN when I'm in 11th grade or maybe in college. What do you think?
Of course, the larger question is what factors go into deciding whether your need to be using a VPN. So leave your best answers in the comments. When should you get your first VPN?
Of course, the larger question is what factors go into deciding whether your need to be using a VPN. So leave your best answers in the comments. When should you get your first VPN?
First thing is that you need to understand what exactly a VPN is and what it protects you form. People hear VPN associate it with privacy and security and think it's a magic pill. It isn't. It has very specific uses, and it can protect you in some ways, but in many it doesn't.
I always compare it with a very long cable that you stick into another network. Imagine, you are at McDonalds, and you could have a very long cable to your home network. You could access your NAS at home, surf from the IP address at home, all through that cable. That is what a VPN is: it allows you to plug into a different network. So what does this protect you from? In my example, from McDonalds and the other patrons on the McDonalds network. They can try to see what you do, but all they will see is the "cable" (the encrypted traffic) to a certain IP address (your home connection). What happens on that cable is opaque to them.
However, if you surf the Internet over a VPN, it has an endpoint. In my example, that would be your home connection. So the sites, you visit see your home connections IP, your parents still could have filtering software on that home connection, etc... It would be as if you were physically at home and no different. The sites you visit can still track you.
So, VPNs are basically good for three things:
So, now, with this information, you should be able to ask yourself: Is this the kind of functionality and protection I need? If no, you don't need a VPN. If yes, go ahead.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Let's take a requirements-centric approach:
What do you need?
Congratulations! You don't need a VPN, so don't get one yet.
Nuff said!
As long as the parents have man in the middle access it is not a bad idea. Before the kids all flame me for saying that, I saved my daughter from a potential predator because I monitored her Internet use when she was 14.
At that age one is still a child and still tends to have poor judgement. I know I did back then.
should have done it at conception.
"I was thinking of getting a VPN when I'm in 11th grade or maybe in college."
First thing I'd be asking is what they think a VPN is and what do they think it'll do for them. I can't see a connection to age or stage in education which would make a difference, which makes me wonder if they truly understand what it's all about.
if your laptop/phone can connect into your home VPN, then what you carry with you, maybe in another country, could be inspected by border-police/... and they would have access to your home network from their country. Do you want that ? Making things easy for you will also make things easier for people who you might not like.
maybe wait until his 18th birthday?
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
I get constantly harassed to enter CAPTCHA after CAPTCHA and do all kinds of hoop-jumping and very often pages just don't load randomly, timing out, and have started ALWAYS showing fake errors such as "We're having technical difficulities" or "that nickname is already taken" when they actually mean that the VPN is banned (I'm not making this up). I've spent weeks now just trying to get a basic little webhost (not even a server) thing up, but none of these companies want my money. Instead, they pester me to scan in my "photo id" (which I don't have and won't be getting) and send them to them, as well as scanning my credit card and sending it to them. And make phone calls to verify. And verify with SMS. And all throwaway e-mails are banned. How much longer until you must provide a DNA sample to use any service? Facebook banned me because I refused to send in a "full face photo" to, again, "verify me for my security". The Internet has become completely worthless as far as I'm concerned.
is he pirating or is he a professional troll or is his freedoms limited due to country of residence... we don't know. so we can't answer the submitter's question properly.
You should get a VPN when you can afford it yourself, and only if it's better than the other options.
If you're 14 and already running a business where you need a VPN to avoid the internet bottlenecks on speed, then more power to you.
On the flip side, if you're intent is using a VPN to get around laws in your area, you should seriously consider instead working toward removing the offending laws legally. Start petitions and make people aware of the issue. Paying money for a VPN just to hide your head in the sand ignores the bigger problem.
VPN only makes sense if you want to keep a connection secure or obfuscate the connection you are making by relaying messages to another server. It does not make much sense to pay for a VPN service just for the sake of paying for it. And VPN does not help keeping you anonymous from Facebook, you know.
What are we talking about here? Have VPNs become like cars and houses? Is owning one a rite of passage to adulthood? A sign of maturity?
It's a fucking tool. If you have a need for it then use it, and if you don't have a need for it then don't use it.
Buy a good VPN service as soon as you can afford it. Know what it does and especially what it does not do. I got mine the first time I got a nasty letter from my ISP for downloading a torrent for a movie I already owned (Flixter *sucks* on a Mac). Don't regret the purchase a bit.
VPNs tunnel through your router's firewall, so you need to make sure that the firewall on the local VPN endpoint does its job. There are several VPN providers which allow incoming connections through the VPN, so by connecting through their VPN you might just give access to your local resources to anyone on the internet. Firewall the VPN interface!
To Hasaf: You should only have sex when you ready. It is OK to wait to eleven grade.
You're already too old. You should have been dabbling into VPNs, websites, IRC, (Of course Linux, etc), programming, databases and building your own PCs towards the end of grade school. Today's technology will be old by the time you reach 11th grade. Take the time to learn stuff now.
You have free time now. Learn it all now and have fun. Keep a diary so you know what you did. You'll need it later on.
Your aim should be to past the skill level of a CS graduate by the time you hit 18. Consider skipping college, and going into business for yourself ASAP.
> Right now I am 14 years old
Worry less about VPN, and work on getting a girlfriend.
Ok, young man, here's some important details you should know about VPN
- Not all VPNs are equal. Some fit, some don't. They come and go. When your first VPN goes down, it will feel like the world is collapsing. Don't worry, it isn't. You'll get to see many VPNs in your life and eventually you'll find that one VPN that really fits and you'll stay together and maybe even start your own service. You'll know when the time is right and you've found the right VPN to do just that.
- Some VPNs come with flashy advertising and/or quite some legal block. Don't just look at such VPNs but also at the custom built ones that run their own self-built config scripts and services. Those are real gems and that is where you can find very special VPNs.
- Don't just fantasize and read about VPNs online. Go out and meet some real world VPNs in real life. That is where you will gain the experience to judge VPNs and which work best with you.
- When you get your first real VPN, you still need to protect yourself! I can't stress this enough. Practice applying Firewalls and such when you're in the mood for trying out some VPN.
- When you get your first VPN it might not connect in the first night. Don't worry, it will get better. Soon you'll be VPNing like a bunny.
- If you think you've found the right VPN and want to stick with that for life (very significant decision), do write up a contract covering all the details concerning you and your special VPN - it will save you pain later if things don't quite work out as planned.
Those are the basics, the rest you'll learn along the way.
Godspeed!
We suffer more in our imagination than in reality. - Seneca
That way your traffic will look like warez, rather than trying to buy dope in bulk to deal to your pals.
Far too many novice users have no understanding what a VPN is. And/or they assume you have to pay for one from some provider.
I myself use OpenVPN to tunnel to my home network when I am using my cell phone to provide access to my laptop, to protect my activity from my cellular carrier (I am not technically "allowed" to "tether") - it doesn't cost me anything, and as a bonus I can access devices on my home network such as IP cam's, etc without having to setup individual port-forwarding in the router.
As most governments in the world have become hostile toward their citizens, keeping your communications anonymous is extremely important. Look at what is happening in the vicious democrats attempt to bring down Trump, with the so called Russian connection. The vicious Muller and his democrat cronies haven't been able to find anything, so they are now going back 10 years to try to find something else on Trump. In our hostile political world today, it is wise to continuously cover your tracks. Even more, if cops and prosecutors ever try to pin a phony charge on you, they will pursue any and all possible communications you have had.
When?
Should be asking Why instead.
Insufficient context provided, so the question can't be answered without too many assumptions.
Like with all of these questions, it depends.
My daughter was borrowing one of my IPs on a VPN provider when she was 5. Why? She was following me to hacker conferences, and we wanted her traffic to be encrypted (5 is too young to end up on the Wall of Sheep!)
If your 14 year old is politically active in a repressive regime, (I'll leave it as an exercise for the reader to determine if their regime is repressive) hopefully they already have one.
If they want to roll their own as a project, I'd be like "sure!" - Mind, I'm realistic that if mine decided she wanted to access the internet unfettered she'd go to a friend's place, or outsmart dear ol' Daddy (can you think of a way to get data out of your work network? Your kid can likely come up with a way to jump your firewall too...)
So best to teach them safe habits and cross the fingers. The 'great firewall of China' strategy's time has gone.
Min
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
14-year-old is too young to use VPN. They want to act like adults and yes, they are physically ready to use it and in some cultures even younger ones have been using VPN, but they are not mentally ready. Especially if the worst happens and you get some nasty virus or a worm. And are you ready to take responsibility of the new networks that might born as a result? Young people don't usually considered at all all the negative results that might occur, they only think the positive side or the moment.
That all being said, I think parents should talk with their kids about VPN. Or if that is too embarrassing, you can read some wikipedia articles about it.
The question is hard to answer unless we know what your ultimate goal is. Here are a couple of scenarios.
If you don't trust you ISP to keep your surfing private, then a VPN can hide your activity. However, now someone else has your browsing history. Who is that person or people? Hard to know. Personally, I suspect that many VPNs are run by one government or another.
If you trust your ISP, you could get a VPN to connect to your home, to access your NAS, and to browse using your ISP. This protects your information from the WiFi owner, their ISP, and the country you are traveling in. It also means that you can leave your data on your NAS and not have to cross borders with it where it might be searched/copied/seized.
Some people use VPNs to hide their location so that they can get around a services geographical restrictions e.g. Netflix streaming. However, companies are aware of this and many of them block access to their content if you are using a known VPN provider.
They should get the book "Baby's First VPN".
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
It's a tool, not some tech rite of passage. If you just want to learn how they work due to general curiosity, don't pay anyone; set one up between your and a friend's computers.
It might be a good point to also introduce the notions of onion routing.
Comparing TOR to VPN :
If VPN is a cable that runs to your home, TOR is a tangled mess of wires that runs to all your neighborhood, including your friends, but also including that new weird guy that moved recently. And one of your friend has trips the main fuse or put his house on fire every other week. And also that trigger happy redneck neighbor.
Whereas VPN creates a single jump point through which you route all traffic,
TOR uses multiple successive jump points each can one out of a very long list to blurry the leads.
This has several consequence :
- it's a bit better than VPN at hiding your activity from 3rd parties, because there's no single entity that has a complete overview over all your traffic. Everyone only sees small bits of your traffic mixed with small bits of every one else on TOR.
To keep the "cable" metaphore, it would take the police to post one officer in each of your neighborhood's house (including to the redneck that will proudly shoot anyone step un-invited on his home ground) to monitor as many exit points as possible, and another officer at the McDonalds trying to notice when traffic goes out to try to correlate with the observations spread over all the potential exit points.
In real world, trying to de-anonymize TOR is a task that can only be attempted by government-level entities.
- due to the multiple end-point vs a single known VPN vendor with a nice data center, the traffic tend to be a bit unreliable and bandwidth is erratic. (The friend that is basically as walking destruction of his home won't be a good exit point).
- it's difficult for random people to run exit nodes without special agreement with service providers : you never know what will come out of your end-point. (The weird neighbor might be into midget porn, or worse).
- people tend to look suspiciously to TOR and automatically assume it's for nefarious purpose. (You could be accused to be a drug dealer, just because of the tangled wires). In practice that means that content distribution networks such as cloudflare will always ask you to solve captcha before proceeding further.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
When should he ditch the "virtual" privacy, and get a real private network? Should he wait until he's 60 years old, a billionaire, living on a private island in the Mediterranean with a slide-off roof on his volcano for launching helicopter attacks on MI5, or should he go ahead and set up his private network now so that he and his teenage friends can chat in secret?
Have you read my blog lately?
Chicks dig em.
Just connecting on the Internet these days is risky, but adding the extra maturity required to use a VPN it is best to protect oneself. It's okay to be curious about and explore VPNs at such a young age, (it's only natural to be curious about one's privacy) but as 'it' can have life long consequences, I recommend that all uncommitted customers purchase their VPNs with Walmart Gift Cards. Once you decide to settle down with a VPN for a while and really start leeching, maybe it's time you gave them your credit card number and start surfing for nasty stuff with a much lower risk factor.
---Up Up Down Down Left Right Left Right B A START
I'd say that people should get a VPN when they actually understand how it works, what it can do for you, and why you need it, if you really do. If you don't know this, you will be wasting your money. It's not a be all end all for security, it's usefulness is limited to certain scenarios and situations, and most people still don't use one.
But in a general sense, you could get a VPN as soon as you started using the Internet to traffic sensitive information of any sort, even if you need parents or someone else to set it up for you, knowing the reasoning behind it.
I still think that for the most part, people don't need to worry about it. It has become prevalent in ads and sponsorship on tech news channels and whatnot, Tunnelbear being one of the most blatant to show up everywhere, but their slogan does not present the whole truth of it - "browse privately and securely", as Linus is always saying. :P
It's far more important for a kid, teen or user in general to first learn and understand best privacy and security practices on the Internet before even considering a VPN. Stuff that you don't need to pay for. Most common problems people have, like falling to fishing e-mails, downloading malware, getting their online identities stolen, thoughtlessly sharing sensitive information on social networks, and stuff like that - VPNs won't protect you from most of that.
Poor analogy, but you can think more or less like this: a bulletproof car. See that it's pointless to buy a bulletproof car if you are going to use it to go to shady neighborhoods flashing your money around as soon as you step out of it. Your bulletproof car won't prevent you from getting mugged in the streets once you exit it.
And sure, VPNs can be useful even for single users, specially those who are traveling a lot, who use unsecure networks, or just don't care about securing their own home network, but there are far more important and basic things than that when it comes to privacy and security.
When you are 14 then you do not need a private network. You need to get out and find out what it is with the girls/boys everyone is talking about. Also you should prepare your home and friends for your 16th birthday, the day you can drink beer and wine for the first time legally. In case you are an US citizen, save money for a trip to Europe.
Any 14 yr old thinking they need a VPN should have their internet access highly restricted and smartphone/tablet taken away. There are many better things for someone that age to be doing.
OTOH, as an adult, I see the need for 2 different types of VPNs.
One for interfering with elections outside my home country (TOR would be a better solution) and the other for whenever I'm on a network that I don't control ... cafes, coffee shops, govt libraries, etc.
I don't see any 14 yr old needing either of those, especially after their smartphone is taken away.
MODS!!!
about BitTorrent. And never have a VPN server in your own country, always be international.
Though it's incredibly sad to me that the child is asking (modern parents really are asleep), I would say, your parents should already have you on a VPN. They should already understand what it is and why it's important - you need to understand that what you are posting now, even at a very young age, is vulnerable in the same way, your age doesn't make difference. Have a talk with your folks. They should really be doing it for themselves, too, it's just good internet sense. Good luck, and post back if you need suggestions for a good service, as they are not all created the same or have the same features. :)
Get a life, not a VPN!
I didn't get my first VPN until just after I hit puberty.
Wait, what exactly is a VPN again?
You are welcome on my lawn.
My two largest things I use my VPN on my VPS for are tunneling all my public wifi to hide my public IP from home internet providers that don't allow me to offer free WiFi from their product and packet scheduling and shaping traffic from any kind of device that will work with a VPN.
Don't be a dumbass kid. Just use linux / freebsd. Learn to program in java / c--, sharp / B flat / Pi R Round or latest flavor of crappy bloated program language. DO NOT USE WINDOWS! Scrap WIFI and your cell phone. Get a landline and use DSL. This is much safer than a VPN. Failing that, just hook into McFuckers Shit food free wifi. This is much safer than a vpn!
Good luck asking stupid questions of these assholes. You never get any decent advice other than "Hey if you have to ask you are too stupid to use technology" Self righteous assholes... :P
A serious predator who chats her and then kidnaps her after the meet is at least as bad. Teenagers are hormonally driven sub-humans - which is why their human rights are limited. Pretending otherwise, whilst attractive and reinforcing of our own perceptions of ourselves at that age - which we edit to exclude the dumb stuff we did - is dangerous foolishness.
A small but significant number of kids go missing and don't surface again. We like to assume they didn't end up in a dungeon as a paedophile's plaything, but there's no good reason for that optimism.
14 years old, come...on..., if a 14 year old is smart enough to ask this kinda question (*kuch clickbait*)... he/she probably knows better then us old timers, the answer to this question.
It is the new bling.
You wouldn't expect him to be the only one on campus without one would you?
Who do you trust more? Your ISP and the people monitoring it. Or the VPN operators, plus the VPN's ISP, plus the same people monitoring it.
VPN actually REDUCES your privacy in general. It's good for appearing in a different physical location or for privacy in "hostile territory" as it were (for example using an open access point; or a cell phone ISP).
It is however, hurting your privacy if your ISP is at least as "good/bad" as the VPN's ISP because you're introducing several extra easily monitored layers to potential threats.
Offers free vpns via the University of Tsukuba. The fat connections are in japan with volunteer ones in a number of other countries (korea, us, canada, even a few in places like turkey, iran, etc.) However, not all nodes get access to the complete internet. A few or the networks they attach to perform malicious operations on the connection or attempt to mitm https connections. Unlike Tor however, they can offer you UDP access to the internet, even over a TCP-only network connection, which may offer benefits if you wanted to game or torrent from a network connection that otherwise bans it.
Will You ever run for public office? ---> Yes
Are your porn tastes fairly mainstream, such that the common porn sites are sufficient for your carnal appetites? ---> No
Are you like, SUPER INTO drugs? --> Yes
You get all tingly when you see people n animal costumes --> Yes
You are actually a For Real criminal --> No (all VPN users will eventually be bugged by NSA/FBI).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Tons of terrible advice and confusing comments on this thread. Hereâ(TM)s a couple of expert resources to consult about personal IT security:
https://ssd.eff.org/
https://www.yourultimatesecurity.guide/thirty-day-challenge.html
You can get a pretty good deal on "Baby's first VPN".
Like you should buy condoms before you start having sex, you should get a VPN before you start using the interwebs. Is that clear enough?
Debate is a form of harassment. Do not question my truth.
Dear Johnny,
At 14, many boys begin to notice feelings about VPNs.
You've surely noticed that the VPNs have been changing.
Some of them have bigger capacity and some look more secure
than other VPNs in your school. You may catch yourself
staring at some of the older VPNs and having daydreams
about getting on them.
You may even have woken in the morning after a strange
but pleasant dream about VPNs, a dream you didn't totally
understand, and discovered that you had a data leak overnight!
Don't be ashamed or scared.
This is all perfectly natural and normal at your age!
You are changing into a young man, and it can be exhilarating and
wonderful, strange and confusing, all at once. You might find yourself
awkward or stumbling a lttle when you're near a VPN.
Just relax, it's going to be OK!
There are important things to know and things to learn about VPNs.
Don't rush into it. Talk to your parents or any adult who you feel
comfortable with. You don't want to use just any VPN.
The adults can explain some things about the cryptic nature of VPNs,
how to approach them, how to figure out which ones are respectable,
and which ones will be the best for you. Listen to people you trust.
You're not alone, either. You can also find information on StackOverflow.
You probably don't need a VPN this week.
But in just a few years, you'll wonder how you got along without a VPN.
Congratulations! You've just taken the first step towards adulthood.
I've been surveilled multiple times in spite of it being "secret". USA isn't a free country, as some might say.
Anyone and their dog can set up a VPN service in a few hours with claims they don't retain records or some such. First they are lying, you can't verify it and it's far far easier to run such a service with records so they are lying. Second, VPN services make great honeypots, therefore you can safely assume most of them are just that. Third, IP addresses alone are no longer considered sufficient evidence of identity in most cases, a VPN solves that problem by giving a second layer of identification in the form of VPN account information. This double linkage back to you is generally viewed as greatly increasing the probability of conclusive identification.
If you are trying to use network resources at home, use a home vpn you set up yourself. Otherwise you probably want a proxy and/or TOR (not perfect and slow) with javascript disabled in the browser. If you are asking because you pirate crap, you don't really need a VPN, keep your bandwidth usage reasonable and avoid torrents for idiots like content still in theaters. Better yet, don't use torrents AND avoid content for idiots like things still in theaters.
Don't think in terms of absolute security and being untraceable, think in terms of who you don't want tracking you, their realistic resources and being the low value target with too high a cost to be worth it. Movies for instance make most of their money in the theaters and while the studios oppose all piracy efforts to hinder it cost money eating into their profits so what do you think they target to get the most bang for their buck? By avoiding that content at that critical time you aren't just avoiding their most likely target, you are from their perspective doing orders of magnitude less damage.
It would have been nice if the original post had expanded VPN at least once, so people who have not encounted it could understand it.
OS/2 - because choice is a terrible thing to waste.
Using a VPN or any other privacy-enhancing feature like encryption will single you out on surveillance databases, grievously impacting your future opportunities to obtain housing or gainful employment. Do not be the odd one out: conformity is safety.
Right now I am 14 years old, I was wondering when I should get a girlfriend... I was thinking about getting the yearly deal. But right now I really have no need for a girlfriend at the moment. I was thinking of getting a girlfriend when I'm in 11th grade or maybe in college. What do you think?
what a vpn is, and why someone would need it, is probably the point where you should aim to get one in the near future.
The flip side is that if any one of the exit points are monitored by an entity, and your browser traffic can be fingerprinted, they now have you on the radar, and can obtain data matching your fingerprint to a person from sites that collect the data (like online payment sites and banks, and ad aggregators that are partners with shopping sites).
This is explicitly addressed by TOR :
- TOR itself constantly changes routes. An entity that doesn't control all or a very large fraction of all exit nodes will only see occasional glimpses of out traffic.
- You are definitely not alone on TOR, some people simply use it for general anonymity or just for shit and giggles, meaning that your traffic will by mixed with traffic of lots of other people, even on the same exit-node
- TOR is a high latency network (multiple jump point)
- All of the above simultaneously make very hard to correlate input and output traffic.
Which is one way to diminish risks of de-anonymisation.
TOR also provides package with a Tor Browser, which is a special built of Firefox consigured to be as un-noticeable as possible (its fingerprints match an excessively large amount of other browsers), and includes additional measures to block other risk (Flash is blocked and thus a flash App could not be used to de-anonymise).
Means that any information that an entity could collect during the short glimpses on one of its controlled exit node will perfectly match hundreds of thousands of other browsers. (You can't rely on a trick like "which of your users have a browser that has the late 90s font Quake.TTF installed ? Which of these browser has Raetho-Romansh as a listed requested language ?", etc.)
This makes it horribly difficult to use fingerprints to match an user.
Again, If you're not hunted by the NSA, the FSB or the Mossad, chances are you won't be found on TOR.
Last and third peculiarity : .onion addresses.
Some server are entirely on the TOR network and do not require any exit-node to be accessed.
The Piratebay is a known example with http://uj3wazyk5u4hnvtk.onion/
Another one is DuckDuckGo with http://3g2upl4pq6kufc4m.onion/
Traffic to these addresses will NEVER leave the TOR network and cannot be witnessed by adversary-controlled exit-nodes. .onion address will be unblockable.
As such, that's yet a third way de-anonymising is prevented.
Also, these addresses will prevent DNS-based access blocks. (They do not even point to an IP address, DNS are useless). So no matter how often someone tries to block Pirate Bay at the ISP level, the
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
but being able to fingerprint any users who use that exit node as little as once. {...} and check the fingerprint of those requests against big entities like Google, PayPal and banks.
If any of the accesses to a highly illegal source have fairly unique fingerprint that any entity is able to match to a person, you get a court order to search that person's computer for evidence.
(Note: you're answering to the wrong paragraph, I've written about finger printing in the next one).
Yes, but that require a finger-printable browser.
As I've mentioned, the Tor bundle goes to great lenght to make sure that the packaged Tor Browser is as unremarkable as possible.
(Characteristics shared by hundreds of thousands)
Also in the specific case of "high illegal source": if even The Piratebay and Duck Duck Go have .onion addresses (as I've mentioned in my 3rd part), you can bet that the juicy stuff that law enforcement would be aiming (whatever is the current descendant of Silk Road ?) has also an onion address and no exit node will ever see the traffic. There won't be any log to grep.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
An .onion address isn't much help if any part of the rest of the URL is on a special interest list. azix723czou5pTr1k.onion/illegal/content/terrorists_handbook.pdf or th3b9eex7781fgp.onion/vajiralongkorn-buggering-a-pig.png are flags as good as any.
I think you definitely need to document yourself how TOR work in general (and how .onion addresses work in peculiar).
(And also how HTTPS work, by the way)
TOR is a layered encryption scheme (hence the "onion" part of the name).
Each layer is a cryptographic public key layer. Only a node with the corresponding private key can peel a layer and see what is inside.
Inside there might be:
- (for all nodes) another encrypted layer, in which case the node forward it to the next node, identified by the public key in that new layer.
- (for exit nodes) an exit node might find underneath instructions to contact a resource on the regular net
- (for hidden service) an node with hidden service might find underneath instructions to pull data out of its own web server to which it is attached
If the target address is .onion :
in that case, the request NEVER reaches an exit node.
One of the node on the route actually happens to have a webserver attached to it, and when peeling the onion layer, get instruction to return some data from that server, instead of passing the onion to the next node in line.
No exit node will ever see the URL.
Only the hidden server will ever know which file got send.
The only thing I'm simplifying here is the gymnastics in setting up a circuit between the user and the server.
(It's done a way to guarantee each-other's anonymity, both end points have a say on the layers between them).
An exit node might see an URL as you mention, only if : :80 TCP port of the server handling slashdot.org, and then will notice in the plain stream the "GET /path/image.png" stanza. So only in these circumstances does an entity owning an exit node knows exactly which URL you visit.
- it's a genuine web address (like slashdot.org)
- the traffic is in plain unencrypted HTTP.
In this case, the exit node will see a conenction requrest to the
If the traffic is HTTPS : :443 TCP port. But from this point onward, the browser and the web server negociate a connection.
in that case, the exit node sees the conenction to the
Only an entity possessing the private keys of webserver could successfully impersonate the server and pull a man-in-the-middle. Other wise you need to hope that the browser is stupid enough to trust your shady certificate authority (e.g.: You're China, and thus you can issue a certificate for Google.cn signed by the China CA trusted by some gullible browser that hasn't removed this CA yet from their list like any other modern browser) and the user uses no certificate pinning plugin (complaining that the google certificate suddenly isn't signed by Google's own CA but by China).
Without this, the HTTPS is completely opaque. You don't see the full visited URL.
Never mind that the .onion addresses are persistent for long enough that the surveillance teams who also browse the illegal content can easily add them to their own scan lists.
Nice for them to add it to a list but WHAT are they doing to scan with this list ?
No exit node is ever going to observing that URL.
The only place where this URL will be seens is on the log of the actual server.
Either the actual position of this server is unknown.
Or the adversary actually OWNS the server. At which point the logs of the server aren't the biggest problem anymore : now the advesary can honney trap all they want as they control the server.
I think you misunderstand how Tor works. There will always be an exit node.
Nope, no. No, no, no, no.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Or hope that the ones running the exit node doesn't also have thumbscrews on as much as a single entity that issues certificates and is a root CA in the certificate stores of most browsers.
How much are you willing to bet that TLAs in the US cannot get certs issued by one of the many US CAs in order to monitor traffic to a given web site?
Like I've written just after that, it boils down to :
- kicking out CA which are known to issue bogus certificate to third parties (par of the reason why China's CA and a few other got kicked out of every modern browser)
- certificate pinning and various other example of techniques which help make sure that the certificate you're seeing is the right certificate and not a bogus one issued by some government-controlled CA that you happen to trust.
(Such measure can already detect when a content distribution system hasn't synchronized their certificates)
And again, like I've said nearly the top of this discussion : if the NSA, the FSB and the Mossad want your ass, TOR isn't a magic bullet that can save you (and there's no single thing that could save you either). But TOR is nonetheless a step in the right direction that can limit the damage that small player can do (and a building block toward a more comprehensive solution infrastructure that can hamper a bit Mossad-level targetting)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
https://www.linux.com/blog/201...
Free speech was meant to be free for all... how can anyone grow up in a nanny state ?
I got a warning letter from Comcast for Bittorrent less than 2 years ago. I got a VPN service and never got the warnings again.