How dangerous is it to be a communist in the US? Should I be very hush hush about it? I won’t ever be open about it but I’m just wondering how secretive I should be. Most of my close friends and certain family members know that I am a “Socialist”. I am pretty young and still need to start my life and I don’t want to ruin my chances of anything.
Some precautions I’ve taken are installing a vpn and only going doing commie stuff with vpn on. I’ve separated personal and political social media accounts and never post political stuff on my personal ones. Should I be doing any other things?
Thank you in advance
I’d say it’s only dangerous if you try to make a meaningful change. So leadership position in an influential liberation group or investigative journalism. See: BLM leaders disappeared during Ferguson Riots and Webbs, Hastings, Assange, etc.
Participating in protests, being a member of a communist party, posting dank memes should be perfectly fine because realistically none of those will do anything
I’d also say since recently being a communist while visibly looking East Asian or Russian is also a massive invite to be hate crimed by dipshits
If you wanna beef up your online security I’d recommend using https://tails.boum.org/ . VPN will fail if they decide to sell you out/get hacked
Okay that is interesting I guess I’m safe for now lol. Does tails not need a vpn or anything or is tor enough.
Tor will anonymize you just like a VPN does but better because VPN providers are centralized corporations who can give information away to governments under legal duress. Tor nodes are decentralized (any one can create a Tor node that Tor users can use to anonymize themselves) so it’s safer in that aspect.
The CIA is on tor. https://www.wired.com/story/cia-sets-up-shop-on-tor/
It just says they have a .onion website.
Is Tor a little different than other browsers? I recently tried using it and some websites don’t work as well on it(still works but not as good)
Tor and Tor Browser are two different but related things.
Tor is a router. Once you set up tor, you can set up any application to use the tor connection to connect to websites rather accessing them directly. What this does is that the website that you are connecting to oblivious to your real IP address.
Tor browser is a package of the tor router and a preconfigured browser. It serves two purposes. Setting up tor and the configuring the browser to use it can be difficult for the average user. This package simplifies this process A LOT. The second point is that websites can identify you without knowing your IP address. There is a thing called browser fingerprinting. Using the relatively unique combination of your browser settings, screen size, hardware, etc., websites can deduce your identity. Tor browser comes preconfigured to make this type of fingerprinting difficult.
It’s possible that some website doesn’t display properly in Tor browser. I haven’t used it in a while so I don’t remember what is default setting for JavaScript is.
awesome ill definitely check tor out.
uhhh I’m not a user myself and haven’t learned too much about how it works but I think the general wisdom is Tails by itself is very good and to only add on a VPN if you know how to configure it properly so it actually helps and not hinders your privacy
“if you know how to configure it properly” is key because you actually should not use a VPN if you use tor unless you know exactly what you are doing.
You are creating a common entry/exit point that your government/ISP can monitor, which might make tor less secure at best, and basically obsolete at worst, depending on how you set it up.
Isn’t that only for
You -> Tor -> VPN
?You -> VPN -> Tor
is at least as secure asYou -> Tor
unless the VPN actually tracks you more than your ISP, unless I’m misunderstanding somethingThats not secure AT ALL. By using a VPN before TOR, it means that VPN can read EVERYTHING you do through TOR. If you just use TOR, they cant. Why? Both TOR and VPN send the data encrypted. However, since they are 2 different networks, the encryption is different. Thus, this happens:
Your computer encrypts data using the VPN protocol, sends it to VPN
VPN decrypts the data
VPN encrypts the data using TOR protocol, sends it through the TOR network
TOR exit node decrypts the data and sends it to the server you are connecting to
Do you see the problem here? The VPN can read everything you do, this is not a safe setup. Just use TOR, its safe enough. All your ISP knows when you are using TOR is that you are using TOR, it doesnt know what you are doing on TOR. If that is still a problem for whatever reason, then use TOR bridges, a built in feature of Tails that uses secret TOR entry nodes, thus hiding from your ISP that you are connecting to TOR. This is explained here in detail:
https://tails.boum.org/doc/anonymous_internet/tor/index.en.html#:~:text=Everything you do on the,you are connected to Tor.
I highly recommend you use Tails. Its extremely safe, if im not wrong Edward Snowden used it when he published the NSA leaks, so its definetely safe.
No, what I meant by
You -> VPN -> Tor
is as described in the linked article:Of course, not encrypting the Tor packets locally largely defeats the point of using Tor
I think you dont understand how Tor and VPNs work. All a regular VPN does is create an encrypted network between your computer and the VPN. You send data through that network, VPN decrypts it and send it to a website you are browsing. Regular VPNs arent meant to be used with Tor. Tor does the same thing but with multiple random decentralized servers, which makes it much safer. The Tor encrypted network is between your computer and the Tor exit node. When you are using VPN + TOR, you are using 2 encrypted networks together, one between your computer and the VPN, and another one between the VPN and the Tor exit node. The Tor encryption happens in the VPN, not in your computer, since the VPN is pretending to be your computer and thats how the Tor Network sees it as. What you are saying is setting up a united network between your computer, the VPN and the Tor network, but that is much more complicated and different thing. A regular VPN doesnt work like that and no commercial VPN offers such as a service.
I think I was just unclear. To my understanding, this is the process:
P
is encrypted for Tor and incorporated in a packetT
, which also contains the address for the first Tor node (unencrypted).T
is encrypted for the VPN and incorporated in a packetV
, which also contains the address for the relevant VPN server.V
is sent to the VPN server.V
and can readT
, which contains the unencrypted destination (the first Tor node) and the encryptedP
(which the VPN server cannot decrypt).T
to the first Tor node.Is this still incorrect?
But thats impossible, thats not how Tor and VPNs work. The VPN has to encrypt what you send them, otherwise your ISP can read everything and its pointless. However, the TOR network and the website you are visting cannot decrypt the VPN encription, only the VPN can. Thus, the VPN has to decrypt what you are sending and can read it. Sure, you could have the VPN encrypt the TOR package on top of it, not before it, but no VPN offers that service. Youd have to set up your own server and VPN and besides being a pain in the ass its pointless, since the server has an internet connection and by being your server your ISP would know you are using TOR through the VPN.
deleted by creator
That is true, yes, but also it highly depends on your VPN provider and what you’re avoiding. Since I Imagine most communists want to avoid “the government” and not some specific group:
"Against a global adversary with unlimited resources more hops make passive attacks (slightly) harder but active attacks easier as you are providing more attack surface and send out more data that can be used. " and “If the VPN/SSH server is adversary controlled you weaken the protection provided by Tor.” (i.e. the US may very well give large sums of money and threats to access VPN logs, because at the end of the day, these services operate for money).
I get the increased attack surface, but wouldn’t they be able to get the ISP’s logs if a VPN wasn’t used (i.e. there would be no difference)?
Just wanted to say you are absolutely correct and most people replying to you are giving you bullshit. And they are ignorant or deliberately misleading people.
All ISPs in the US are part of surveillance programs and networks. This is a fact. The CIA/NSA and the FBI as well as local cops can easily access and understand what you are doing on your ISP connection and knowing your ISP provided IP address immediately leads back to you, your credit card and your home address.
Your home ISP keeps records on you going back years, probably at least 5, but potentially forever tied to your account, name, social, etc.
If you use Tor naked on your ISP connection your ISP knows you are a tor user and the NSA knows you are a tor user and your threat profile on the vast naughty lists is elevated.
VPNs may very well be intelligence honey-pots or otherwise compromised. I would suggest foreign VPNs located outside of US/five eyes jurisdiction as an ideal. However, even assuming that VPN XYZ which is located in Switzerland or France is an NSA run honeypot you are doing nothing to worsen your situation. You’re just adding steps to their process of identifying you which is never not a good thing.
They already have full visibility into your traffic from your ISP and can legally subpoena and use that against you in open court (in fact in many cases your ISP will hand it over without a warrant). By using this theoretical NSA honeypot VPN if they trace it back only that far they cannot in open court reveal that unless they want to blow the lid off the fact they’re running that service and have to shut it down and go to the trouble of spinning up a new one (and do this every time they want to do this) or to engage in parallel construction which is difficult and expensive and not always viable. Unless you are an incredibly high value target they’ll know you use tor but be unable to do anything about it.
Let us imagine for a moment you access a communist revolutionary website via tor, however it was compromised by glowies with malicious javascript that manages to get your computer’s IP address and send out a beacon outside of the tor tunnel to try and get your real IP address. On just tor they now have your real IP address. However if you’re using a VPN (and especially if you’re using it in a very secure manner for example via an injector upstream or the tor client is in a virtual machine with no hope of having access to your real internet connection, only the VPN one) they only have your VPN IP address, a shared IP address.
More HOPS is better so long as the final hop doesn’t know who you are.
What is not secure or sane is to use tor as a tunnel and have the final connection made by your VPN. Why? Because your VPN assumedly knows who you are via payment details and it would defeat the point of tor’s anonymity. You could potentially do this safely if you only ever connected to the VPN over tor (including during sign-up and including during sign-up and all use of your connected email address) AND if you paid using a truly anonymous payment method like giftcards bought with cash far from your home or certain cryptocurrencies subjected to anonymization techniques.
So am I right in thinking that, in the
You -> VPN -> Tor
case described in the article, the VPN would only be able to see the address of the first Tor node and the encrypted data to be sent to that node (i.e. as much as the ISP would see without a VPN)?Hm, that makes sense to me. I am not versed well enough in privacy topics to see why that’s not the case, so I think you’re correct. And the more I search, the more people say that yes
You -> Tor -> VPN
does not hinder the tor connection itself and protects the non-tor traffic coming out of your system + people probably trust their VPN way more than their ISP for good reason.I think
You -> Tor -> VPN
is primarily useful to access websites that block or otherwise inconvenience known Tor nodes (Cloudflare…). The best option for most of those who want all traffic to be secure is probably still TAILS (or Whonix, etc.) without a VPN, just because it’s easy to make mistakes. I mainly use VPNs when downloading things because Tor is quite significantly slower