The "14 Eyes" refers to the SIGINT Seniors Europe (SSEUR) alliance, an extension of the Five and Nine Eyes agreements, where member nations share mass surveillance intelligence. A significant portion of Tor exit nodes (estimated at ~70–80%) are located in these countries, raising concerns about traffic correlation and deanonymization if multiple nodes in a single circuit fall under these jurisdictions.
SIGINT (Signals Intelligence) is the practice of intercepting, decoding, and analyzing electronic signals to gather intelligence. It is the technical backbone of the 14 Eyes
SIGINT is an umbrella term covering three main disciplines:
COMINT (Communications Intelligence): Interception of human communications (phone calls, emails, chat logs, radio traffic). This is what agencies like the NSA (US) and GCHQ (UK) primarily use to monitor internet activity.
ELINT (Electronic Intelligence): Interception of non-communication signals, such as radar emissions, missile guidance systems, or drone control links.
FISINT (Foreign Instrumentation Signals Intelligence): Telemetry data from foreign weapons testing (e.g., speed, altitude, and performance metrics of a missile during a test flight).
more so
Unlike human spies (HUMINT), SIGINT is automated and massive in scale. Collection: Agencies use undersea cable taps, satellite interceptors (like the ECHELON system), and ground stations to capture raw data.
Processing: Supercomputers filter noise and attempt to decrypt encrypted traffic. If decryption fails, they often analyze metadata (who called whom, when, and where) which is often unencrypted.
The "Loophole": As revealed by Edward Snowden, SIGINT alliances allow countries to bypass domestic spying laws. For example, if the NSA is legally barred from spying on a US citizen, it can request the GCHQ (UK) to spy on them and share the data legally.
This is the core function of the SIGINT Seniors Europe (SSEUR) or "14 Eyes" group.
When you use Tor, your traffic is encrypted, but SIGINT agencies can still perform traffic correlation attacks. By monitoring the entry node (via your ISP) and the exit node (via a server in a 14 Eyes country), they can match timing and packet sizes to deanonymize you, even without breaking the encryption. This is why excluding 14 Eyes countries from your exit nodes is a critical defense against SIGINT capabilities.
NSA XKeyscore SIGINT capabilities 2026
Unus Nemo likes this.
Unus Nemo
in reply to Plan-A̵̛͈̬̥̿͋̓͛̕ • •@Plan-A̵̛͈̬̥̿͋̓͛̕
About Tor Exit Nodes and security.
Plan-A̵̛͈̬̥̿͋̓͛̕ likes this.
Plan-A̵̛͈̬̥̿͋̓͛̕
in reply to Unus Nemo • — (0.0.0.0/ 0) •As for my wireguard also, not only SOCKS5
I was shocked when I read that!
And Kodachi OS shows you the exclusions but gotta trust Kodachi OS.
It's Ubuntu but I did things with it back then that many were surprized off, goood thing is his source is open even in the UI you can see the code execute. But I just do not trust him and it's also Ubuntu
Plan-A̵̛͈̬̥̿͋̓͛̕
in reply to Plan-A̵̛͈̬̥̿͋̓͛̕ • — (0.0.0.0/ 0) •And that Kodachi OS is a storefront as well.
But like in chess there is always a little escape route somewhere.
Plan-A̵̛͈̬̥̿͋̓͛̕
in reply to Plan-A̵̛͈̬̥̿͋̓͛̕ • — (0.0.0.0/ 0) •So I've set my proxied SOCKS5 DNS at random mode, behind a wireguard connection.
Unus Nemo
in reply to Plan-A̵̛͈̬̥̿͋̓͛̕ • •@Plan-A̵̛͈̬̥̿͋̓͛̕
I think you missed the point of the article. When browsing to an Onion Site on Tor you do not use an Exit Node. That is the point. So vulnerabilities of Exit Node attacks do not exist. Of course that Onion Site could be corrupted and established by some agency that we do not want to share data with.
Keep the following in mind. This is about privacy and good OPSEC and has nothing to do with evading Law Enforcement Agencies in performing their duties. If you are doing something illegal, which I do not, then there are going to be other attack vectors they can get to you with. If a government agency was to make an Onion Site it would likely be to entrap those trying to do something illegal so we would never have a reason to go to such a site. So they do not matter to us.
Of course it takes a while to accumulate a lot of good Onion Resources so most people do not use them. This is where Exit nodes come into play and the security risk they subject you to. Though if you are browsing Tor and not going to non-Onion sites then Exit Node telemetry does not exist.
Read the article again, I think you missed the point entirely.
Plan-A̵̛͈̬̥̿͋̓͛̕ likes this.
Plan-A̵̛͈̬̥̿͋̓͛̕
in reply to Unus Nemo • •@Unus Nemo
Thanks for pointing that out.
Unus Nemo likes this.
Unus Nemo
in reply to Plan-A̵̛͈̬̥̿͋̓͛̕ • •@Plan-A̵̛͈̬̥̿͋̓͛̕
You missed the important part. The part where I stated that if you were not going to non-Onion sites (the ones with the long string followed by a .onion for an url) then there is no telemetry. There is telemetry of course if you leave the Tor Infra structure by going to a non-Onion site. The way you quoted it sort of left that out 😉.
Plan-A̵̛͈̬̥̿͋̓͛̕ likes this.
Plan-A̵̛͈̬̥̿͋̓͛̕
in reply to Unus Nemo • — (0.0.0.0/ 0) •For me is about privacy only as I don't do illegal shit nor can they find any nasty on me and for the rest security.
Unus Nemo likes this.
Unus Nemo
in reply to Plan-A̵̛͈̬̥̿͋̓͛̕ • •@Plan-A̵̛͈̬̥̿͋̓͛̕
I was saying us in a universal way much like the use of the universal you. When I am on Tor it is usually to go to political sites and they are Onion resources. I do not use Tor to navigate ordinary websites. That is just a bit to paranoid for me 😉. Besides it adds a lot of latency and breaks some features on many sites. Especially if you have JavaScript disabled. Which is good OPSEC on Tor but not really needed for social media and other sites were privacy is not a big deal. Let me make this very clear. We go to social media sites to be social. If you are expecting privacy on an International Network were people are sharing social content then I believe that is just ridiculous to be honest. If you want privacy then do not post on Social Media. Now that is not to say that you have to share information about yourself, as most people do. And on the Fediverse we do not require the sharing of your personal information. Which is why a lot of people prefer Fedi over Meta.
Plan-A̵̛͈̬̥̿͋̓͛̕ likes this.
Plan-A̵̛͈̬̥̿͋̓͛̕
in reply to Plan-A̵̛͈̬̥̿͋̓͛̕ • — (0.0.0.0/ 0) •I just read your edit and yeah indeed don't even make an account then or mail account even
Unus Nemo
in reply to Plan-A̵̛͈̬̥̿͋̓͛̕ • •@Plan-A̵̛͈̬̥̿͋̓͛̕
Tor over VPN is a total waste of time and creates far too much latency. If you feel you have to mask your use of Tor then just use a bridge. People seriously do not understand what VPNs are, what they were really made for, and why they are not great for security. Though they can get you past some regional blocks on the internet that is about the extent of their usefulness. Unless you are setting up your own VPN (which requires a publicly available server such as my VPS) to use the VPN for what it was actually made for.
The VPN privacy thing is a scam even when most of the net was http and not https. The reason being is that just like when you leave a Tor exit for a http site the connection between the Tor exit and the site is not encrypted. The same applies to VPN. As soon as you connect to a site that is not encrypted from your VPN you lose encryption. Now, if you are connecting to a https site, then you do not need to the VPN for encryption and you are just subjecting yourself to unneeded latency for no reason.
So-called security experts that are really just trying to sell you a service have totally misrepresented what a VPN is and its uses. I have entire books on VPNs if you are interested. OpenVPN also has some great documentation. The VPN for privacy is just smoke and mirrors that knowledgeable users do not fall for. It is like Anti-Virus on Gnu/Linux which is a scam as well, just to sell a product. I am not talking about Anti-Virus on servers to protect against their spreading viruses to MS/Windows machines connected to them such as Clam. I am talking about the BS anti-virus programs that really do nothing on Gnu/Linux there are other ways to protect yourself on Gnu/Linux that does not exist on Older MS/Windows but they are starting to add some features since MS/Windows Vista. Though most users disable these features on MS/Windows because they are inconvenient so they do not benefit from them. I am not implying that there are no security vulnerabilities on Gnu/Linus as there certainly are. They are just managed very differently than on MS/Windows. With stricter ACL then most home MS/Windows users have turned on and SELinux or Apparmor. And by just practicing good OPSEC.
Keep in mind that most Anti-virus software is mostly required because of proprietary software. When source code is available and can be vetted you do not need Anti-virus to scan files looking for attacks. Because they are in a binary format you cannot vet. With Open Source Software you can just read the code, no scanners required.