If I use Tails/tor on public WiFi, and a government agency is controlling /snooping nodes or uses malware to conduct a waterhole attack, what information can they gather about me?
Asked
Active
Viewed 79 times
0
-
1They could compromise your device and install malware at the firmware level, recording everything you do if you fell for a watering hole attack. If you're worried about NSA level attackers, lets just say the outlook is not good, especially if youre asking on stack exchange about it. – john doe Aug 13 '20 at 02:48
-
Well I haven't been compromised yet and this profile is set up using protonmail (which was set up under a vpn) and being accessed via tor.... but i get your point.can a waterhole attack happen if im using tor and have https everywhere plus no script enabled? And they can install malware at a firmware level if im using tails on a bootable usb and there a no harddrive in the computer? – thatsmynickityname Aug 13 '20 at 03:06
-
Yes its 100% possible that there is an 0 day in tor browser, in fact one with maximum noscript settings enabled will go for 2,000,000 dollars from zerodium. There is a huge demand especially from nation groups so it is unthinkable to me that there isnt a currently used exploit available to them. – john doe Aug 13 '20 at 03:08
-
Wow that's crazy! Had no idea! Then what sort of precautions can one take to keep their anonymity safe during a watering hole attack?? – thatsmynickityname Aug 13 '20 at 04:05
-
don't go to the watering hole – john doe Aug 13 '20 at 18:14
-
Well obviously, but any site could be a potential wattering hole right?? – thatsmynickityname Aug 14 '20 at 00:18
-
"Legitimate or popular websites of high-profile companies are usually the focus of watering hole attacks" https://www.techopedia.com/definition/31858/watering-hole-attack – thatsmynickityname Aug 14 '20 at 00:39