For the past four months beehaw has been unreachable to those of us on the Tor network. Glad to see access was finally restored. Was there an attack?

I could really use a way to periodically backup my posts to my local disk so if Tor is spontaneously blocked again I at least have my history. I’ve not found a Lemmy equivalent for Mastodon Archive.

(edit) For security, it would be a good idea to setup an onion instance. The Tor network has built-in DDoS protection for onion hosts.

  • Lime Buzz@beehaw.org
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 month ago

    Um, why would you log in over TOR? I thought the whole point of TOR was to be anonymous?

    • debanqued@beehaw.orgOP
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      1 month ago

      I am anonymous. Only doxxing experts know who is behind my account. Using clearnet makes it trivially simple for doxxers. Activitypub msgs include the IP address of the sending source which anyone with their own instance can see, IIRC.

      But note as well Tor offers more than anonymity. It mitigates tracking by your ISP.

      • Lime Buzz@beehaw.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 month ago

        ISP tracking as far as I’m aware can only see the sites you go to, not any of the content etc. As long as they use TLS etc.

        I suppose for some seeing the sites you go to is bad enough though. Personally, I’d use a privacy-centered VPN if I was that concerned rather than TOR since TOR feels less like I should log in with it, but I get what works for me won’t work for everyone.

        • debanqued@beehaw.orgOP
          link
          fedilink
          arrow-up
          3
          ·
          1 month ago

          Indeed the ISP can only see where you go when using TLS, and that data can be aggregated to who you are along with everywhere else you go. It’s sensitive enough that in the US lawmakers decided on whether ISPs need consent to collect that info. Obama signed into force a requirement of ISPs to get consent. Then Trump reversed that. Biden did not reverse it back AFAIK.

          W.r.t VPNs, you merely shift the surveillance point; you do not avoid the surveillance. The VPN provider can grab all that info just as well.

          • Lime Buzz@beehaw.org
            link
            fedilink
            English
            arrow-up
            6
            ·
            1 month ago

            Privacy focused VPNs usually have tech to mitigate that like forgetting as soon as they have gone through the server for example, but I get that can be undone.

            • debanqued@beehaw.orgOP
              link
              fedilink
              arrow-up
              4
              ·
              edit-2
              1 month ago

              It’s worse than being reversible. The problem is that it’s unprovable. A switch from “zero logging” to “log everything” is wholly undetectible to users. You have to rely on blind faith that a profit-driven entity will act in your interest and resist their opportunity to profit from data collection. All you have is trust. Tor avoids that whole dicey mess and reliance on trust.

              • Pup Biru@aussie.zone
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                1 month ago

                i’d say that yes, it requires some trust of others, however in a lot of cases you can be reasonably confident - independent audits, and a company that has built their whole business on being privacy focused is unlikely to risk their whole business over some metadata

                and even with tor, you’re actually making a similar compromise - your exit node can see the same data that a VPN provider can, but you don’t really know who runs it - you certainly can’t guarantee much of an independent audit

                sorry, i take that last part back - a vpn provider can tie your metadata to you, whilst your exit node can not… but they can still see a decent about of metadata

      • Lime Buzz@beehaw.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 month ago

        Oh, if beehaw doesn’t make you sign up with an email account I suppose that makes sense, I forget if it made me, it was long ago.

        Yes, I’m aware there are email anonymisation services, but likely there’s still a list on those sites of what is for who. Unless you used a sign up and forget account, I suppose.

        Anyway, I hope your problem gets solved 🙂

    • ReversalHatchery@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 month ago

      other points of Tor are locational privacy, censorship avoidance, and hiding your traffic from your ISP. but also, you can be perfectly anonymous on a forum, either by only reading it, or being cautious with what you share

  • PenguinCoder@beehaw.orgM
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 month ago

    Beehaw has not been under active attack, but we do have mitigations in place for suspicious users, based on activity which includes being on a VPN or TOR network.

    • debanqued@beehaw.orgOP
      link
      fedilink
      arrow-up
      1
      ·
      30 days ago

      You say for suspicious users, but for the 4-month stretch of beehaw being unreachable there was no opportunity to login. So there was apparently a user agnostic systemwide change.

      • PenguinCoder@beehaw.orgM
        link
        fedilink
        English
        arrow-up
        1
        ·
        29 days ago

        Actions on site and web traffic/use, behavior to Beehaw indicate suspicious users for our purposes. TOR and VPN use does increase those metrics/probability, but is not the sole determining reason.

  • millie@beehaw.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 month ago

    Isn’t TOR kind of shady? Like, mixing your traffic in with a bunch of malicious and potentially actually illegal with good reason traffic?

    • averyminya@beehaw.org
      link
      fedilink
      arrow-up
      9
      ·
      1 month ago

      TOR itself isn’t shady, but it is used by a lot of people wanting to obfuscate various things. I would say that despite its ability to visit .onion website (which are the tip of the iceberg for finding the dark side of the Internet), TOR itself is a positive thing because it allows for that obfuscation.

      I think the most important one is for political journalists and domestic violence victims, both of whom may have reason to keep something private. The way TOR functions, sort of reminds me of the early telephone operators.

      Anyway, my last interesting bit about why I like TOR is that it is used on the Amnesiac Operating System called Tails which can be installed and ran from just a USB drive, and the drive itself plugged into any regular computer is just seen as a standard USB. Since it’s amnesiac, the only data on the computer is in RAM and if you pull the USB out the OS shuts down. It can be set up to store data though, for example files or websites. So between this OS and TOR, one could theoretically avoid tracking software set up on a computer from an abuser.

      Also there’s just a lot of people that like weird niche things. Over 2 million people in Germany use it and it’s got a bit over half a million in the U.S… I imagine a fair portion of that is people selling darknet services of some variety, but I would be surprised if it was even 50/50

      • TehPers@beehaw.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 month ago

        I think most of Tor’s users are legitimate, though I would be interested in seeing the actual numbers (if that were even possible). Tor’s awesome for privacy-focused individuals. There’s a ton of tracking done for lower-impact things like advertising and profiling, and for people who feel strongly about that, Tor adds an extra layer (or a few extra layers technically) of privacy.