I found out an unpleasant fact about Tor during last year.
As people in [tor-relays] Police request regarding relay - tor-relays - Tor Project Forum thread say, police officers use Tor Browser’s Tor Circuit widget to collect public tor relay operator addresses and then send them requests about user data.
Not every relay operator is good at law. They can just answer police’s request with actual IP addresses of Tor users/previous relays and other sensitive information in place.
Out of curiosity, I opened Circuit widget and it turned out that, in many cases, all relays and exit nodes were from Germany! Only one relay, which is German, and one exit node from Germany.
That is [due to tor developers], lucky German officials can collect huge amount of real visitors for specific sites over a short period of time.
I’m serious about making I2P as a default profile in my Whonix. Tor does not protect you against building same-country path from relay to the exit node, but I2P does (it uses a different terminology, but it provides such a protection in effect). See official I2P info: Strict Countries - I2P :
You’re failing to understand their strategy. If Tor was anti-government, the government could just ban running of Tor and alike software as it had happened already in many countries.
No countries that allow running Tor would mean no more Tor network.
By making law enforcement how to use Tor as a user, the government will be dependent on Tor. Due to the own interest of the government to use Tor, they won’t ban Tor.
And the government cannot make their own Tor for themselves either because then everyone would always know it’s the government due to lack of other users to hide among.
Training law enforcement to use Tor as a user doesn’t reduce the anonymity of other Tor users.
I clearly understand that you are not a native speaker and may misinterpret the information the Tor Project shares about itself, but, please, try to read carefully their words - they don’t tell us about “how to use [Tor as an ordinal user]” but “how to use [Tor] to conduct [police] investigations”:
What is one of the main activities during any police investigation against internet users? The answer is obvious - their de-anonymization. Period.
Another question which may come up - if they help ordinal users be anonymous and “are happy” to collaborate with police to de-anonymize ordinal users, which group of mentioned actors has the highest priority for the Tor Project then?
Hence, when police comes into action, the goal of the Tor Project is to help police investigation in this case.
The Tor Project has way too close relationships with the government’s subordinate organizations - and, given German Police requests regarding relay, frequent {germany} → {germany} → {germany} circuits in TB worry many ordinal users, whereas Tor developers leave such worries unaddressed.
Police requests inside the same country need lesser bureaucracy compared to international requests, so all-domestic TB circuits, in theory, can be quickly de-anonymized.
They help German Police because all-domestic TB circuits comprise a significant share in whole European Tor traffic. If all two German relay operators and the exit node operator are agree to transmit user and log data to the police, there are no obstacles preventing police from de-anonymization of users.
Back in 2013, a typical circuit might contain 4 - 6 nodes from different countries. Nowadays, even one relay and one exit node inside the same country are not rare. Right now, I see two German flags and a site being visited right after them in my tor circuit widget.
I2P typically includes from 6 to 8 routers being node equivalents of Tor.
I think there’s much more fun in being a NSA employee when they see the whole circuit is made of only two elements.
The ticket you have mentioned contains obsolete information:
Oh! And as a workaround, if none of the above issues concern you, then you can get something close to what you want here by splitting countries with lots of Tor nodes into two halves, and saying EntryNodes {aa},{bb},{cc},… ExitNodes {nn},{oo},{pp},… You’ll need to use Tor 0.2.3.x for support for country codes in your EntryNodes list, and you might want to decide whether to use “StrictNodes 1” to make sure that Tor forbids circuits you don’t want even when they would be needed to connect to a directory or hidden service.
This no longer works according to recent Tor Project: manual, which says that “StrictNodes applies to neither ExcludeExitNodes nor to ExitNodes, nor to MiddleNodes”. Tor devs deprecated it.
While that statement may sound alarming it does not necessarily mean what you think it means. While I would not trust them for absolute anonymity there have been VPN services that have accepted questioning by police or other government and have been unable to furnish logs implicating anyone. So in that case they are ‘compliant’ with authorities. If you have evidence of Tor Project staff doing something else please present it.
Yes, One case i know the FBI set with one of I2P devs and started discussing how I2P design and how it works (The dev himself told me that personally).
So to avoid such police, its very hard, check cryptoparty in germany, or riseup…etc how many times got into police talk whether willingly or unwillingly.
This is unavoidable situation in nowadays countries sadly, but still nothing can be confirmed as a breach to the anonymity by just sitting with the police.
Only One of numerous developers living around the world, but not the whole I2P project. There two I2P clients, written in Java and C++, which are developed by independent developers living in non-allied countries.
Tor Project, as a whole, claims they are police collaborators.
Tor Project responded that the reason for that de-anonymization had been the use of their software without Vanguard:
However, a local Whonix forum user @JesusLucasfound that Vanguard was effectively broken by Tor developers some nine months ago and all this time successful de-anonymization attacks were possible.