

As far from US as possible.)
TOR by design is vulnerable to Sybil attacks. In fact, there have been attempts to exploit this vulnerability “in the field”. It is not clear how successful they were. There are some measures taken to prevent such attacks, but none of them guarantee safety. I2p and other p2p networks also suffer from the same problem.
In fact there is only one known way to mitigate Sybil (and alike) attacks. It is to expand the cost of operating in the network so much that it would not be financially viable to perform it. There are two major ways to achieve that: proof-of-work and proof-of-stake.
PoW is what the majority of cryptocurrencies do. To operate in the network you need to perform significant calculations. The more calculations you perform, the “stronger” your position is. For that you have to invest a huge amount of money in hardware and energy to “outperform” other actors. That is what mining basically is.
PoS requires you instead to invest a crypto (or whatever, does not actually matter). The more crypto you invest “the bigger your ‘bank’ account is”, the “stronger” your position is as well. This is what nym and lokinet (technology behind session messenger) do.
They do require you to invest a certain amount of crypto to connect your node to the blockchain. This in theory is done to prevent Sybil attacks.
Using VPN over TOR greatly reduces performance. Also, for most cases TOR is enough. Why would you slap a VPN on top of it?
They also take your IP.
I would not put Nym in the same category as Mullvad and IVPN. It is a new and immature product. I have not heard that they have passed any sort of audit, their claims about non-log policy have not been tested yet.
Their infrastructure is decentralized only in name. In fact, they have the same problem as session, the cost of maintaining a server discourages decentralization so much that no one does that. As a result it nullifies any advantages their mixnet might offer, as chances are all your hops are between the servers of the same owner.
TLS clienthello contains an unencrypted string, called SNI, that contains the domain of a destination web site. It must be unencrypted to work, because web sites read this string to determine which certificate to use.
You do not break encryption. It is unencrypted by design.
With all due respect, but it seems to me that you do not quite understand how HTTPS works. For encryption it relies on the TLS protocol. And TLS does not encrypt everything, it encrypts only the payload, but it also has to share some additional data to even establish an encrypted connection. The majority of that work is done by exchanging clienthello and serverhello. To do that the client has to clarify what server he is even trying to reach, as there can be multiple servers on one IP, but they have separate certificates, support different ciphers etc. For that a string “SNI”, that contains the domain name, is used. Only after client and server exchange all the necessary information can the encrypted conversation start. So, by looking into clienthello and reading SNI any MITM can determine what web site you are trying to reach.
It would not be hard at all. China, Iran and Russia already do that. Clienthello is not encrypted and that is all you need.
And ECH would not solve this as you can just block cloudflare-ech (or other, depending on CDN) domain itself and force clients to fallback to non-encrypted clienthello.
Everyone gangsta till DPI system is installed.
Why not rutracker.org?