Privacytools.io: Can someone please explain?

DuckDuckGo: https://github.com/privacytoolsIO/privacytools.io/issues/84
Brave: https://github.com/privacytoolsIO/privacytools.io/issues/161

So both DuckDuckGo and StartPage have servers around the world (in and out of the US). DDG depends on Yahoo and Amazon whereas SP depends on google. Both claim to be private. What's the difference?

@chazzcarp I think it's best to keep this topic in the already mentioned thread #84 🙂

@michaelstandeven when you say the FBI hacked Tor, what do you mean exactly? I heard of several cases where the federal agencies were in control of Tor servers and could track people who were accessing these servers. Could you provide e.g. a link to an article, I would like to read about this, thanks !

FBI hacked Tor is nonsense. @chazzcarp SP uses Google for better results, whereas DDG uses Amazon for hosting.

Tor is a decentralized network based on open-source software which is partially funded by the US government, because they need Tor just as much as we do. You can't hack a network like that, you can compromise the nodes, you can compromise hidden services, but you can't compromise the network. Also, @michaelstandeven, I'd prefer real arguments and not just links to articles which don't support the claim FBI hacked Tor at all.

• https://pando.com/2014/12/26/if-you-still-trust-tor-to-keep-you-safe-youre-out-of-your-damn-mind/
• Not the FBI
• The article quotes a Washington Post article which was updated with some important facts:

Update: In an e-mailed statement, the Tor Project told the Post that the organization is addressing the new relays:
This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1% of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don't expect any anonymity or performance effects based on what we've seen so far.

• https://www.youtube.com/watch?v=95QfumZMerM
  Quotes a New York Times article which doesn't mention Tor once. Then it quotes a blog post from 2013 which says
  You can see this for yourself by going to a live listing of Tor servers, like http://torstatus.blutmagie.de/. Only 10% of the servers have upgraded to version 2.4.

• https://securitygladiators.com/2016/11/30/fbi-hacked-tor-users-non-public-vulnerability/?nabe=6214595618537472:1&utm_referrer=https://duckduckgo.com/
• Attack on users
• > Recent reports in the media have revealed that the FBI actually made use of a Non Public Vulnerability in order to hack into machines of suspects who were using an online anonymity service by the name of Tor.

Recent reports in the media? A good journalist would at least add a link to the source(s).

• https://cointelegraph.com/news/tor-developer-flees-us-to-avoid-fbi
  A core Tor developer avoided a subpoena. Tor is in theory unbackdoorable by its nature, many people (core developers, other contributors) are presumably checking the source for backdoors. Backdooring the source would be easy to spot in git. Other core devs would notice this, and even if they would all be subpoenaed, other contributors would notice.

• http://www.idigitaltimes.com/best-alternatives-tor-12-programs-use-nsa-hackers-compromised-tor-project-376976

1. This article says Tor has been compromised as an assumption and their only argument is that a Black Hat 2014 talk was cancelled.
2. The article is absolute nonsense. Best Alternatives to Tor: 12 Programs to Use Since NSA, Hackers Compromised Tor Project:
   > Freepto is yet another software similar to Tor, it is a Linux based OS on a USB stick. It can be used on any computer and any data saved is automatically encrypted. It's easy to use and seems to be geared toward activists.

How is that an alternative to Tor?

Whonix is an anonymous Linux operating system based on the Tor network and works by isolation.

If Tor is Compromised by the NSA and Hackers, how does an OS that routes everything through Tor an alternative?

Tox isn't a full replacement for Tor, but it can serve to provide messaging services.

A full replacement? How is that a replacement at all? Since when is Tor an IM service?

(basically everything they suggest apart from I2P and Freenet is nonsense in the context of alternatives to Tor, so I won't quote the rest, this should be enough to show how bad this article is)

• http://www.ibtimes.com/tor-safe-anonymous-browser-hacked-suspects-keeping-quiet-privacy-advocates-shaken-1645210

1. Again an article that makes huge drama of the attack on TBB and doesn't see the difference between Tor and TBB.
2. Tor != TBB:
   > With that sudden influx, though, came increased scrutiny. First, in July, the FBI acknowledged that it subverted control of Tor

• https://thehackernews.com/2016/04/tor-unmask-malware.html

The agency hijacked and placed Cornhusker on three servers that ran multiple anonymous child pornography websites. The malware then targeted the flaws in Flash inside the Tor Browser.

Tor != TBB. That was a flaw in Firefox. And it targetted TBB users, not Tor.

• http://www.dailydot.com/layer8/government-contractor-tor-malware/
  Same as the previous article.
  Also,

Correction: According to a Tor spokeswoman, Edman did not contribute to Tor's codebase.

And yet the title is still

Former Tor developer created malware for the FBI to hack Tor users

• https://news.bitcoin.com/fbi-tor-developer-torsploit-malware/
  Again, the same as the previous article.

• https://www.linkedin.com/pulse/former-tor-developer-created-malware-fbi-unmask-users-m-shaffer
  Yet again, the same as the previous article.
  Also, further explaination of his contributions:

  Moreover, the team said Edman worked only on the Vidalia project that Tor dropped in 2013 and replaced it with other tools designed to improve the user experience.

(This is said in the previous article as well, with ~2 words different. The articles are basically the same, and some parts practically the same.)