Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

From the article:

  Is it safe?
  Nobody ever got arrested for choosing segfault.net.
Take a close look at how that question isn't answered. It's best not to do any work on these, where you need to trust the platform. You might even get blamed for people's actions on their box next to you.

Not much remains outside of this being a honeypot or for criminals.



> Take a close look at how that question isn't answered.

I think that's the joke. I prefer this non-answer over a long-winded bullshit answer that ultimately means nothing.


This is a pun on the phrase "Nobody ever got fired for choosing IBM". Don't read too much into it...


That's the thing. You might just end up with Big Blue coming after you.


> It's best not to do any work on these, where you need to trust the platform.

I don't mean to be snarky, but I don't think the target audience for these servers trusts them one bit, and the operators know this.


Of course, with no further information you should not use it for real data production work but I'm fine with that limitation.


The other part is that you may be liable for how others use these boxes, just by your logging into one. It's not only whether you use one at work.


How is anyone going to know you, specifically, briefly logged into an ephemeral VM over Tor?


I'll treat that as an idle question on the technical aspects, not a question about how to evade law enforcement.

There are people on this page talking about logging into other services from there, so I think you can see one very easy way.

If you use a service that says they don't track anything, delete the machine upon logout, and so forth, who do you think will use that box?


I can’t see the easy way you mentioned - could you explain?

I agree that a target of interest could be located to this service, but to correlate activity of two users would seem to require detailed logs from the provider - the logs they claim not to keep.

Also, by visiting a bank, there’s a chance you could end up being mistaken for a bank robber; or by jogging through a neighborhood, there’s a chance you could be mistaken for a thief; etc. We don’t usually give much thought to these possibilities, although they do sometimes happen. Is there any reason to treat this differently?


It's like visiting a bank wearing a balaclava

Sure, it's perfectly reasonable from a privacy perspective but it raises questions: I don't run around showing my passport to everyone (except for my authoritarian government) and yet I drive around with an id that the authorities can link to my identity.

Don't get me wrong, I'm all for removing layers of surveillance, but I will still assume tor users on my website are either trying to hack it or have something to hide from their government.


A 100% valid non-clandestine use of Tor is to enable you to receive incoming traffic without needing to port forward or mess with firewall settings.


Tor's traffic is clandestine.


My post said "use of tor", not "traffic of tor." A VPN is clandestine too.


Yes, a vpn is clandestine. However, it isn't correct to say that Tor's traffic is clandestine (which it is), but using it isn't clandestine. Hiding your traffic's contents is the same as hiding your traffic's contents.


> There are people on this page talking about logging into other services from there, so I think you can see one very easy way.

I assume they are talking about logging into, say, your email, and thus linking the box to you


I will; to perform port scanning and other reconnaissance, to scrape data, and more. Nothing connected to my identity in any way.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: