For the past four months beehaw has been unreachable to those of us on the Tor network. Glad to see access was finally restored. Was there an attack?

I could really use a way to periodically backup my posts to my local disk so if Tor is spontaneously blocked again I at least have my history. I’ve not found a Lemmy equivalent for Mastodon Archive.

(edit) For security, it would be a good idea to setup an onion instance. The Tor network has built-in DDoS protection for onion hosts.

  • debanqued@beehaw.orgOP
    link
    fedilink
    arrow-up
    3
    ·
    1 month ago

    Indeed the ISP can only see where you go when using TLS, and that data can be aggregated to who you are along with everywhere else you go. It’s sensitive enough that in the US lawmakers decided on whether ISPs need consent to collect that info. Obama signed into force a requirement of ISPs to get consent. Then Trump reversed that. Biden did not reverse it back AFAIK.

    W.r.t VPNs, you merely shift the surveillance point; you do not avoid the surveillance. The VPN provider can grab all that info just as well.

    • Lime Buzz@beehaw.org
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 month ago

      Privacy focused VPNs usually have tech to mitigate that like forgetting as soon as they have gone through the server for example, but I get that can be undone.

      • debanqued@beehaw.orgOP
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 month ago

        It’s worse than being reversible. The problem is that it’s unprovable. A switch from “zero logging” to “log everything” is wholly undetectible to users. You have to rely on blind faith that a profit-driven entity will act in your interest and resist their opportunity to profit from data collection. All you have is trust. Tor avoids that whole dicey mess and reliance on trust.

        • Pup Biru@aussie.zone
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 month ago

          i’d say that yes, it requires some trust of others, however in a lot of cases you can be reasonably confident - independent audits, and a company that has built their whole business on being privacy focused is unlikely to risk their whole business over some metadata

          and even with tor, you’re actually making a similar compromise - your exit node can see the same data that a VPN provider can, but you don’t really know who runs it - you certainly can’t guarantee much of an independent audit

          sorry, i take that last part back - a vpn provider can tie your metadata to you, whilst your exit node can not… but they can still see a decent about of metadata