Im glad we agree. Because its the entire point. You are nitpicking where it suits you and thats not really honest conversation.Tor browser isnt the only way to access tor
TLS is useful very specifically in the case of banking via Tor Browser, which is the most likely configuration the normal general public would use given the advice to access their bank over Tor.
There are entire swaths of the world, billions of people, where phones are basically the only gateways to the inter.
I do not recommend using a smartphone for banking. You’re asking for a huge attack surface & it’s reckless. People will do it anyway but to suggest that people should avoid Tor for banking on the basis that you’re assuming they are using a phone is terrible advice based on a poor assumption. Use Tor Browser from a PC for banking. That is the best advice for normies.
The point is, again, that Tor and specifically exit nodes are more hostile than normal ISP relays.
And again, those hostile nodes get less info than ISPs. They have to work harder to reach the level of exposure that your ISP has both technical and legal privilege to exploit.
Saying selling metatdata that is unencrypted is the same level of malicious as a nation state going after you (life and death) or having your identity or bank account stolen is clearly pretty naive.
Wow did you ever get twisted. You forgot that I excluded targeting by nation states from the threat model as you should. If someone has that in their threat model, they will know some guy in a forum saying “don’t use Tor for banking” is not on the same page, not aligned with their scenario, and not advising them. You don’t have to worry about Snowden blindly taking advice from you.
It’s naive to assume your ISP is not collecting data on you and using it against you. It’s sensible to realize the risk of a honeypot tapping your bank account and getting away with it and regulation E protections failing is unlikely enough to be negligible.
You still have to deal with getting your funds back and paying for stuff to live in the interim.
If you’re in the US, you have ~2-3 bank accounts on avg, and 20 credit cards (US averages). Not to mention the unlikeliness of an account getting MitM compromised despite TLS in the 1st place. Cyber criminals choose the easier paths, just as 3 letter agencies do: they compromise the endpoint. Attacking the middle of a tunnel is very high effort & when it’s achieved they aren’t going to waste it on some avg joe’s small-time bank acct. At best you might have some low-tech attempts that result in no padlock on the user side. But I’ve never seen that in all my years of exclusively banking over Tor.
Thats a bad assumption.
Not in the slightest. Everyone is subject to mass surveillance & surveillance capitalism.
MOST people arent really concerned with it in the western world.
Most people don’t even have a threat model, or know what it is. But if you ask them how they would like it if their ISP told their debt collector where they bank so the debt collector can go do an unannounced legal money grab, you’ll quickly realize what would be in their threat model if they knew to build one. A lot of Corona Virus economic stimulus checks were grabbed faster than debtors even noticed the money arriving on their account.
And thats not a Trump thing. its existed WAY before trump. Snowden showed that and it was Obama, not trump, that went after whistleblowers harder than any predecessor before them.
You missed the source I gave. Obama banned the practice of ISPs selling customer data without their consent. Trump reversed that. That is wholly 100% on Trump. Biden did not overturn Trump, so if you want, you can put some of the fault on Biden.
W.r.t history, echelon predates Snowden’s revelations and it was exposed to many by Nicky Hagar in the 80s or 90s. But this all a red herring because in the case at hand (banking customers accessing their acct), it’s the particular ISP role of mass surveillance that’s relevant, which Trump enabled. Or course there is plenty of other mass surveillance going on with banking, but all that is orthogonal to whether they use Tor or not. The role of Tor merely mitigates the ISP from tracking where they bank, and prevents banks from tracking where you physically are, both of which are useful protections.
Further trying to make this about “party” sides is a bad idea. Its something all parties
You can’t “both sides” this when it’s verifiable that Obama banned the practice and Trump overturned it. While Obama’s hands are dirty on a lot of things (e.g. Patriot Act continuity), it’s specifically Trump who flipped the switch to ISP overcollection. Citation needed if you don’t accept this.
And there are some areas where straight access TOR is illegal and can get you in trouble.
The general public knows your general advice to use/not use Tor is technical advice not legal advice, and also not specific to their particular jurisdiction.
There are entire swaths of the world, billions of people, where phones are basically the only gateways to the inter.
I do not recommend using a smartphone for banking. You’re asking for a huge attack surface & it’s reckless. People will do it anyway but to suggest that people should avoid Tor for banking on the basis that you’re assuming they are using a phone is terrible advice based on a poor assumption. Use Tor Browser from a PC for banking. That is the best advice for normies.
again, the article is about “normies” using tor to get it to lose its stigma… The only way it gets de-stigmatized is for “normies” to use it. The way “normies” access things is vastly different. There are risks to that. And its not just banking. Getting your email account hacked because you used it on a malicious exit node for one reason or another is just as bad, if not worse. Tor exit nodes are wholesale more malicious than your ISP.
I dont know why you are getting hyper fixated on specific use cases that were used as broad examples. Banking isnt the point its the general use of TOR and the risk it brings. Forest for the trees my guy.
TLS is useful very specifically in the case of banking via Tor Browser, which is the most likely configuration the normal general public would use given the advice to access their bank over Tor.
I do not recommend using a smartphone for banking. You’re asking for a huge attack surface & it’s reckless. People will do it anyway but to suggest that people should avoid Tor for banking on the basis that you’re assuming they are using a phone is terrible advice based on a poor assumption. Use Tor Browser from a PC for banking. That is the best advice for normies.
And again, those hostile nodes get less info than ISPs. They have to work harder to reach the level of exposure that your ISP has both technical and legal privilege to exploit.
Wow did you ever get twisted. You forgot that I excluded targeting by nation states from the threat model as you should. If someone has that in their threat model, they will know some guy in a forum saying “don’t use Tor for banking” is not on the same page, not aligned with their scenario, and not advising them. You don’t have to worry about Snowden blindly taking advice from you.
It’s naive to assume your ISP is not collecting data on you and using it against you. It’s sensible to realize the risk of a honeypot tapping your bank account and getting away with it and regulation E protections failing is unlikely enough to be negligible.
If you’re in the US, you have ~2-3 bank accounts on avg, and 20 credit cards (US averages). Not to mention the unlikeliness of an account getting MitM compromised despite TLS in the 1st place. Cyber criminals choose the easier paths, just as 3 letter agencies do: they compromise the endpoint. Attacking the middle of a tunnel is very high effort & when it’s achieved they aren’t going to waste it on some avg joe’s small-time bank acct. At best you might have some low-tech attempts that result in no padlock on the user side. But I’ve never seen that in all my years of exclusively banking over Tor.
Not in the slightest. Everyone is subject to mass surveillance & surveillance capitalism.
Most people don’t even have a threat model, or know what it is. But if you ask them how they would like it if their ISP told their debt collector where they bank so the debt collector can go do an unannounced legal money grab, you’ll quickly realize what would be in their threat model if they knew to build one. A lot of Corona Virus economic stimulus checks were grabbed faster than debtors even noticed the money arriving on their account.
You missed the source I gave. Obama banned the practice of ISPs selling customer data without their consent. Trump reversed that. That is wholly 100% on Trump. Biden did not overturn Trump, so if you want, you can put some of the fault on Biden.
W.r.t history, echelon predates Snowden’s revelations and it was exposed to many by Nicky Hagar in the 80s or 90s. But this all a red herring because in the case at hand (banking customers accessing their acct), it’s the particular ISP role of mass surveillance that’s relevant, which Trump enabled. Or course there is plenty of other mass surveillance going on with banking, but all that is orthogonal to whether they use Tor or not. The role of Tor merely mitigates the ISP from tracking where they bank, and prevents banks from tracking where you physically are, both of which are useful protections.
You can’t “both sides” this when it’s verifiable that Obama banned the practice and Trump overturned it. While Obama’s hands are dirty on a lot of things (e.g. Patriot Act continuity), it’s specifically Trump who flipped the switch to ISP overcollection. Citation needed if you don’t accept this.
The general public knows your general advice to use/not use Tor is technical advice not legal advice, and also not specific to their particular jurisdiction.
Im gonna be honest. I stopped reading here.
again, the article is about “normies” using tor to get it to lose its stigma… The only way it gets de-stigmatized is for “normies” to use it. The way “normies” access things is vastly different. There are risks to that. And its not just banking. Getting your email account hacked because you used it on a malicious exit node for one reason or another is just as bad, if not worse. Tor exit nodes are wholesale more malicious than your ISP.
I dont know why you are getting hyper fixated on specific use cases that were used as broad examples. Banking isnt the point its the general use of TOR and the risk it brings. Forest for the trees my guy.
Have a good one. We’re done here.