Hacker News new | past | comments | ask | show | jobs | submit login

How is anyone going to know you, specifically, briefly logged into an ephemeral VM over Tor?



I'll treat that as an idle question on the technical aspects, not a question about how to evade law enforcement.

There are people on this page talking about logging into other services from there, so I think you can see one very easy way.

If you use a service that says they don't track anything, delete the machine upon logout, and so forth, who do you think will use that box?


I can’t see the easy way you mentioned - could you explain?

I agree that a target of interest could be located to this service, but to correlate activity of two users would seem to require detailed logs from the provider - the logs they claim not to keep.

Also, by visiting a bank, there’s a chance you could end up being mistaken for a bank robber; or by jogging through a neighborhood, there’s a chance you could be mistaken for a thief; etc. We don’t usually give much thought to these possibilities, although they do sometimes happen. Is there any reason to treat this differently?


It's like visiting a bank wearing a balaclava

Sure, it's perfectly reasonable from a privacy perspective but it raises questions: I don't run around showing my passport to everyone (except for my authoritarian government) and yet I drive around with an id that the authorities can link to my identity.

Don't get me wrong, I'm all for removing layers of surveillance, but I will still assume tor users on my website are either trying to hack it or have something to hide from their government.


A 100% valid non-clandestine use of Tor is to enable you to receive incoming traffic without needing to port forward or mess with firewall settings.


Tor's traffic is clandestine.


My post said "use of tor", not "traffic of tor." A VPN is clandestine too.


Yes, a vpn is clandestine. However, it isn't correct to say that Tor's traffic is clandestine (which it is), but using it isn't clandestine. Hiding your traffic's contents is the same as hiding your traffic's contents.


> There are people on this page talking about logging into other services from there, so I think you can see one very easy way.

I assume they are talking about logging into, say, your email, and thus linking the box to you


I will; to perform port scanning and other reconnaissance, to scrape data, and more. Nothing connected to my identity in any way.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: