The security of Tor is built on the assumption that one actor owning a majority of the nodes is improbable to the point of being written off as a non-concern. The tool has always been run and maintained by the USA government. When they opened access to the public, they owned the majority of the nodes, and with the amount of compute available to the NSA (look up the size of their official data-centres, add in their hacked bot-farms), it’s almost certain they still do. If it wasn’t their plan to always have supremacy, they aren’t doing their job. The purpose of Tor is to hide traffic from USA’s enemies. A few tens of thousands of private users is just reducing their power bill and painting targets on their own backs, not successfully hiding from the NSA.
There isn’t a 1-step perfect solution as far as I know. You can use Tor in combination with other technologies, and it’ll likely help you avoid a lot of surveillance, just not specifically the NSA. (Also keep in mind anyone/commercial actors can run Tor nodes with the intention of spying on Tor users. You need a lot of nodes to catch anyone, but I wouldn’t assume it never happens).
The main thing is to own your software and hardware, and disconnect what you don’t own from the internet. If you can’t meet those conditions, then it’s impossible no matter how vigilant and knowledgable you are.
My recommendations is to play your computer games on an offline computer via GOG purchases, or if you want Steam games, then just give up on securing that device. Have two networks. Have your secure computers for your general online tasks and chatting, and have the unsecure computer for interacting with DRM and services that lose a lot of functionality if the surveillance vectors are blocked.
Bad attempts at hardening often don’t work, and have the adverse effect of making you more unique for fingerprinting. It might be worth foregoing some hardening advice if you can think of workarounds the hostile actor might use, which you don’t know how to counter-act.
The security of Tor is built on the assumption that one actor owning a majority of the nodes is improbable to the point of being written off as a non-concern. The tool has always been run and maintained by the USA government. When they opened access to the public, they owned the majority of the nodes, and with the amount of compute available to the NSA (look up the size of their official data-centres, add in their hacked bot-farms), it’s almost certain they still do. If it wasn’t their plan to always have supremacy, they aren’t doing their job. The purpose of Tor is to hide traffic from USA’s enemies. A few tens of thousands of private users is just reducing their power bill and painting targets on their own backs, not successfully hiding from the NSA.
I appreciate the explanation. If not Tor, for very obvious reasons you specified, what is the better alternative?
There isn’t a 1-step perfect solution as far as I know. You can use Tor in combination with other technologies, and it’ll likely help you avoid a lot of surveillance, just not specifically the NSA. (Also keep in mind anyone/commercial actors can run Tor nodes with the intention of spying on Tor users. You need a lot of nodes to catch anyone, but I wouldn’t assume it never happens).
The main thing is to own your software and hardware, and disconnect what you don’t own from the internet. If you can’t meet those conditions, then it’s impossible no matter how vigilant and knowledgable you are.
My recommendations is to play your computer games on an offline computer via GOG purchases, or if you want Steam games, then just give up on securing that device. Have two networks. Have your secure computers for your general online tasks and chatting, and have the unsecure computer for interacting with DRM and services that lose a lot of functionality if the surveillance vectors are blocked.
Bad attempts at hardening often don’t work, and have the adverse effect of making you more unique for fingerprinting. It might be worth foregoing some hardening advice if you can think of workarounds the hostile actor might use, which you don’t know how to counter-act.