+ Reply to Thread
Results 1 to 15 of 15

Thread: The TOR browser: How to go Anonymous Online

  1. Link to Post #1
    Canada Avalon Member Fellow Aspirant's Avatar
    Join Date
    6th July 2011
    Location
    Kingston, Ontario
    Age
    73
    Posts
    1,104
    Thanks
    6,038
    Thanked 5,595 times in 1,002 posts

    Default The TOR browser: How to go Anonymous Online

    Whether you're just curious (who isn't?) about Tor, or would like to know how to get started using it, here's a recent article from "Wired" written by Andy Greenberg, that should fill the bill for you ...

    Original link: https://www.wired.com/story/the-grand-tor/

    The Grand Tor: How to Go Anonymous Online

    Fifteen years have passed since a couple of MIT grads and a Navy-funded researcher first built The Onion Router, or Tor, a wild experiment in granting anonymity to anyone online. Today, Tor has millions of users. The original project has been endlessly hacked on, broken, and fixed again. While imperfect, it remains the closest thing to a cloak of anonymity for internet users with a high sensitivity to surveillance, without needing serious technical chops. And it’s stronger and more versatile than ever before.

    Tor protects your identity online—namely your IP address—by encrypting your traffic in at least three layers and bouncing it through a chain of three volunteer computers chosen among thousands around the world, each of which strips off just one layer of encryption before bouncing your data to the next computer. All of that makes it very difficult for anyone to trace your connection from origin to destination—not the volunteer computers relaying your information, not your internet service provider, and not the websites or online services you visit.

    Earlier this month, Tor announced an update to its so-called onion services, which use Tor’s anonymizing features to hide not just individual people on the web, but servers too, allowing for so-called dark web or darknet sites and other services that can’t be physically traced to any locatable computer. Beyond merely covering your tracks as you visit websites, the new feature has opened Tor up to a new range of applications, enabling a new generation of whistleblowing platforms and new forms of untraceable messaging. Tor’s update has made those onion services less easily discovered and strengthened their encryption.

    That overhaul should cement Tor’s reputation as an indispensable anonymity tool, says Marc Rogers, a security researcher for tech firm Cloudflare, who has also worked on a still-in-development Tor-based network router project himself. “It’s still pretty much the only game in town,” he says. “After this update, I can say that yes, Tor is the best privacy tool out there.”

    Here's how you can use Tor today, whether you want to want to browse controversial sites in peace, or send messages the NSA can't peep:

    Web Browsing

    The most basic—and by far the most common—way to use Tor is to simply download, install, and run the TorBrowser from the Tor Project’s website. Like other Tor apps, it routes all its traffic over Tor, so that you're browsing the web truly incognito: The sites you're visiting see you as emerging from a random point on the internet and thus can't trace your true IP address or your associated identity.

    Aside from making government or other targeted surveillance much more difficult, the TorBrowser also functions as a powerful anti-censorship tool for people in countries like Iran and China, since it hides any direct connection to domains like Google, Facebook, and Twitter that oppressive regimes often block. Be aware, however, that the final computer routing your traffic to a destination website in that three-hop system, known as an “exit node,” can see all of your activity as you connect to a website, even if it doesn’t know where that activity comes. Privacy experts warn that law enforcement, intelligence services, and malicious hackers run their own exit nodes for exactly that surveillance purpose. It's critical, then, for Tor users to only visit HTTPS-protected websites to ensure that the information that passes between the browser and the site remains encrypted.

    Some popular websites have now even started to run their own Tor onion services, including Facebook and Pro Publica. That means they're essentially hosting a site on Tor's network, so that you can visit through the TorBrowser and your traffic remains encrypted all the way to its destination, with no need to trust an exit node.

    Messaging

    It’s easy to route not just your web browsing over Tor, but instant messaging, too. The Tor Project offers a program called Tor Messenger, which allows you to combine Tor with the chat protocols Jabber, IRC, Google Talk, and others. That means your connection to whatever server is running that chat service routes over Tor, so that the server can’t in theory identify your IP address or location.

    Another app called TorChat goes a step further, allowing you to instant message using servers that themselves run as Tor onion services, which can only receive incoming connections through Tor. With that setup, who might want to compromise the messages can't locate the servers that host them. And a next-generation tool called Ricochet takes the IM implementation of Tor yet another step, cutting servers out of the picture altogether. Instead, it turns your computer (or the computer of the person you’re talking to) into an onion service, so that you can connect directly through Tor without any middleman.

    A slower but more widely used and well-audited way to route communications over Tor is SecureDrop. Taking a cue from WikiLeaks and originally coded by the late internet activist Aaron Swartz, SecureDrop allows anyone to host an anonymous dropbox for sensitive information. Dozens of news organizations now use it to solicit tips and leaked documents from whistleblowers, including The New York Times, The Washington Post, The Guardian, and of course WIRED.

    For larger file transfers, an application called Onion Share essentially allows anyone to turn their computer into an onion service that anyone can connect to directly to download files, just as they might from a website—but without leaving any trace of their identity.

    Everything Else

    Instead of trying to route any particular app over Tor, why not route all your internet data over the Tor network? That's the pitch of products like Anonabox and Invizbox, small, portable routers that run Tor and are designed to siphon every packet that leaves or enters your computer over that protected network. But those routers—particularly Anonabox—have been criticized for security flaws.

    Some security experts warn against routing all your data over Tor anyway. While Tor can effectively hide your IP address, the regular course of anyone's web browsing invariably includes sharing identifying details, which could defeat the purpose of using an anonymity tool in the first place.

    Better still, in those cases, is an entire Tor-based operating system called Tails, an acronym for The Amnesiac Incognito Live System. The primary benefit of Tails has more to do with security than privacy; you can run it off of a USB drive, which once removed, leaves no trace on the computer that ran it, making it virtually impossible to install malware on the user's machine. But as an added bonus, it also routes all data over Tor, adding an extra layer of anonymity. The system is secure enough that it's been listed as a trouble spot for the NSA in documents leaked by Edward Snowden—and Snowden has also said that he uses it himself to avoid surveillance by his former employer.
    And if it's good enough for him, it's probably good enough for you.

    The Wired Guide to Digital Security

    • More Tips for Public Figures: After you've taken a tour of Tor, encrypt everything, sign up for Google Advanced Protection, and deploy physical measures to increase your digital security.

    • Tips for Regular Users (the Hackers are Still Circling): Master passwords, lock down your smartphone, keep yourself secure from phishers, know how to deal with getting doxed, and, if you have kids, keep them safe online.

    • Professionals Are After You. Time to Get Serious: If you think they’re onto you, remove the mic from your devices, find bugs, and (worst case scenario) dive down the paranoia rabbithole.

    Related Video
    See the video in the original post using this link:

    https://www.wired.com/story/the-grand-tor/


    Security
    How to Get Started with Encrypted Messaging


    It’s 2017! It’s time to start using an encrypted messaging app. Why? Using end-to-end encryption means that no one can see what you’re sharing back and forth.


    Cheers,
    Brian
    Last edited by Fellow Aspirant; 12th December 2017 at 03:46.
    A human being is a part of the whole, called by us "Universe," a part limited in time and space. He experiences himself, his thoughts and feelings as something separate from the rest—a kind of optical delusion of his consciousness.

    Albert E.

  2. The Following 16 Users Say Thank You to Fellow Aspirant For This Post:

    angelfire (12th December 2017), Ben (12th December 2017), Bill Ryan (12th December 2017), enigma3 (12th December 2017), Ewan (12th December 2017), gaiagirl (14th December 2017), genevieve (12th December 2017), kfm27917 (28th January 2021), Lefty Dave (12th December 2017), palehorse (27th January 2021), PathWalker (12th December 2017), Star Tsar (13th December 2017), Sunny (12th December 2017), Tintin (15th December 2017), TomKat (10th December 2021), toppy (12th December 2017)

  3. Link to Post #2
    UK Avalon Founder Bill Ryan's Avatar
    Join Date
    7th February 2010
    Location
    Ecuador
    Posts
    34,268
    Thanks
    208,959
    Thanked 457,534 times in 32,788 posts

    Default Re: The TOR browser: How to go Anonymous Online

    Yes, I use TOR quite often. In simple terms, it disguises one's IP address, making it appear you're in a totally different country.

    Download here. It's just like Firefox, built on exactly the same platform.

  4. The Following 9 Users Say Thank You to Bill Ryan For This Post:

    Ben (12th December 2017), enigma3 (14th December 2017), Fellow Aspirant (12th December 2017), gaiagirl (14th December 2017), genevieve (12th December 2017), Lefty Dave (12th December 2017), palehorse (27th January 2021), Tintin (15th December 2017), WTHTLight (12th December 2017)

  5. Link to Post #3
    Unsubscribed
    Join Date
    23rd June 2013
    Location
    North America
    Age
    72
    Posts
    6,884
    Thanks
    12,723
    Thanked 29,293 times in 6,140 posts

    Default Re: The TOR browser: How to go Anonymous Online

    I suppose if one wants or not some way to say the FBI doesn't have a right to do a seizure/search warrant on one's computer, then keeping away from Tor and not installing it makes sense. Here is some logic from articles below which may or may not weigh one's decision ..

    Here is an article that points out some legal stuff that the Feds snuck through; normally one would say (or believe), "right to privacy" rights shall never be violated... (pure statement obviously but never practiced in reality.. and certainly a reason why folk would most likely say, "give me liberty, or...").. To flagrantly raise flags in hope of "being anonymous" in some situations may not be the wisest things to do if one cares to truly lay low.

    Absent action by U.S. Congress, the rule change (pdf) went into effect in December. The FBI will now be able to search computers remotely—even if the bureau doesn’t know where that computer is located—if a user has anonymity software installed on it.

    (The corresponding pages in regards to the rule change have since apparently been removed from all official government websites, despite the rule change being publicized, and can no longer be found on those "official sites".) However this was immediately cached elsewhere..

    "The rule changes, which the FBI said were necessary to combat cyber crime, come amid escalating tensions between the intelligence community and technology and privacy advocates, and just a day after the U.S. House of Representatives advanced a bill that would require the government to obtain a probable cause warrant from a judge before seizing data stored with tech companies such as Facebook, Google, and Dropbox."

    “Whatever euphemism the FBI uses to describe it—whether they call it a ‘remote access search’ or a ‘network investigative technique’—what we’re talking about is government hacking, and this obscure rule change would authorize a lot more of it,” said Kevin Bankston, director of the policy advocacy group Open Technology Institute (OTI), which previously testified against the changes."

    Rule change: http://www.supremecourt.gov/orders/c...rcr16_8mad.pdf Supreme court order - this was taken OFF-LINE from the Supreme Court website (hidden?)

    However, numerous caching repositories got a copy of it quickly and helped keep it from being hidden, out of sight, and able to be used "when needed" ..

    This earlier in the doc talks about the ability to "issue such search and seizure" (the warrant) anywhere in the world, not just the US..

    The terminology includes "suspected of any criminal activity" as grounds. (the justification is, if suspected they say they have a right to "search and seize" to see if their beliefs are correct) - what happens to one's computer then? Presumed "guilty" at the outset by having raised a "flag", a trip that potentially illegal activity may be forthcoming (or has been) ?


    Rest of the article:

    Quote “Congress should stop this power-grab in its tracks and instead demand answers from the FBI, which so far has been ducking Congress’ questions on this issue and fighting in court to keep its hacking tactics secret.”

    As of April, over one million people use Tor just to browse Facebook, the social media platform noted in a blog post.

    Chief Justice John Roberts submitted the change to Congress as part of the court’s annual collection of amendments to the Federal Rules of Criminal Procedure, which inform every federal prosecution in the country.

    In its current incarnation, Rule 41 stipulates that magistrate judges can only authorize searches within their own jurisdiction. The amendment would allow them to issue warrants to hack into and seize information on a computer if its location has been “concealed through technical means.” And according to The Guardian, with this rule change,

    “..the FBI could get authority to infiltrate any computer – regardless of the owner.”

    Sen. Ron Wyden (D-Ore.), one of the more outspoken privacy advocates in Congress, slammed the proposal as a “sprawling expansion of government surveillance” and called on Congress to reject it.

    “These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices,” Wyden said in a statement. “Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the effected computers would belong to the victims, not the perpetrators, of a cyber crime.”

    “These are complex issues involving privacy, digital security and our Fourth Amendment rights, which require thoughtful debate and public vetting,” Wyden said. “Substantive policy changes like these are clearly a job for Congress, the American people and their elected representatives, not an obscure bureaucratic process.”
    I suppose doing a websearch for these key words may be useful if one wants to understand more about what may happen going "anonymous" to download and use tor.

    A few Keyword search terms (not inclusive):
    • is using tor illegal in the us
    • being flagged for using tor
    • NSA watch list tor
    • FBI watch list tor
    • x-keyscore tor
    • extremist flagged for using tor

    That last one brings up some interesting reads - for instance:

    https://www.digitaltrends.com/comput...rs-extremists/ - NSA labels Linux Journal readers and Tor and Tails users as extremists

    Linux Journal readers? Gees...


    Quote Fans of Tails (The Amnesic Incognito Live System) Linux operating system use it because of the well-documented security and anonymity features it provides. The system utilizes a Tor browser, which also affords more anonymity to users while browsing sites on the web. The Linux Journal is a monthly technology magazine and news site that focuses on topics related to Linux and open source programs.

    Linux fans are typically outspoken about the OS, and are quick to argue the benefits with OSX and Windows users. They have developed a reputation for being champions of open source and anonymity when computing. Tails and Tor users are not only fans of the OS, but are also focused on security.

    The NSA recently became interested in these users’ activity, reportedly labeling Linux Journal Readers and Tor and Tails users as extremists, according to Techspot.
    You can learn about what x-KeyScore does HERE: https://nsa.gov1.info/dni/xkeyscore.html

    Also - this link is a useful read too - http://daserste.ndr.de/panorama/aktu...us,nsa230.html "NSA targets the privacy-conscious
    von J. Appelbaum, A. Gibson, J. Goetz, V. Kabisch, L. Kampf, L. Ryge" - this article explains how one of the ways TOR "anonymity" is compromised by the NSA, targeting the so called "anonomizers".

    Quote "Yes, I recognize the IP address of my Tor server called 'gabelmoo'." he said. "Millions of people use it to stay safe online, and by watching the server and collecting metadata about its users, those people are put at risk."

    The rule shown to Hahn, published below, has a fingerprint called 'anonymizer/tor/node/authority'.

    The fingerprint targets users who connect to Gabelmoo and other Tor Directory Authority servers. In Germany, the Tor Directory Authorities like Gabelmoo that are specifically targeted by XKeyscore rules are in Berlin and Nuremberg.

    Additional targets are located in Austria, Sweden, the United States, and the Netherlands.
    in other words, NOT ANONYMOUS ... the title to the thread [..] How to go anonymous online I think is a great christmas wish.. NSA in other words, plus the "tools" that the FBI has, and "authority" to "spy", removes anonymity, and the TOR system gets one flagged.. Why does one want to get flagged? Why would one do that?

    Quote Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search.

    Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.

    Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.

    The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts.

    It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".

    Curiosity? I suppose there are others out there "curious" about one's curiosity.. who play awfully dirty..
    Last edited by Bob; 12th December 2017 at 17:44.

  6. Link to Post #4
    Canada Avalon Member Fellow Aspirant's Avatar
    Join Date
    6th July 2011
    Location
    Kingston, Ontario
    Age
    73
    Posts
    1,104
    Thanks
    6,038
    Thanked 5,595 times in 1,002 posts

    Default Re: The TOR browser: How to go Anonymous Online

    Wow. Thanks for this info (and cautionary note) Bob. Much appreciated. Citizen surveillance is far more advanced than I thought, in terms of it's having beeen made legal. The apparatus of the State is not afraid of openly intruding into private/personal matters and then claiming that it's legal - because they have made it so. The postion of "If you're not doing something illegal, then why do you need privacy?" has come a long way. It is prepared to argue the most extreme insanity in a court of law. Yes.

    Is it willing and able to "preemptively" search the computers of everyone who uses Tor, though? That's a tougher question. There are about 4 million users of Tor, world wide, and while the NSA probably has the capability to launch spiders algorithms to compile a data base of said downloaders, whether this database would in and of itself constitute red flags that would trigger "investigations" is highly doubtful. More likely, I think, is that a person or organization would already be on the surveillance radars and being a Tor user would only be a part of a reason for more careful scrutiny. If you are already on the NSA "Hmmmm ... " list, you have more problems than being Tor user would suggest. In the meantime, the user can be using Tor for keeping smaller dogs off the scent.

    There are a myriad of reasons that people use Tor, however, some of which are actually supported by the likes of the FBI and the NSA, which seem to have a love-hate relationship with it. Here's an excerpt of such, from Wikipedia (bold text mine)

    "Tor enables its users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both licit and illicit purposes.[47] Tor has, for example, been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously;[48][49] likewise, agencies within the U.S. government variously fund Tor (the U.S. State Department, the National Science Foundation, and – through the Broadcasting Board of Governors, which itself partially funded Tor until October 2012 – Radio Free Asia) and seek to subvert it.[13][50]

    Tor is not meant to completely solve the issue of anonymity on the web. Tor is not designed to completely erase tracks but instead to reduce the likelihood for sites to trace actions and data back to the user.[51]

    Tor is also used for illegal activities, e.g., to gain access to censored information, to organize political activities,[52] or to circumvent laws against criticism of heads of state.

    Tor has been described by The Economist, in relation to Bitcoin and Silk Road, as being "a dark corner of the web".[53] It has been targeted by the American National Security Agency and the British GCHQ signals intelligence agencies, albeit with marginal success,[13] and more successfully by the British National Crime Agency in its Operation Notarise.[54] At the same time, GCHQ has been using a tool named "Shadowcat" for "end-to-end encrypted access to VPS over SSH using the TOR network".[55][56] Tor can be used for anonymous defamation, unauthorized news leaks of sensitive information, copyright infringement, distribution of illegal sexual content,[57][58][59] selling controlled substances,[60] weapons, and stolen credit card numbers,[61] money laundering,[62] bank fraud,[63] credit card fraud, identity theft and the exchange of counterfeit currency;[64] the black market utilizes the Tor infrastructure, at least in part, in conjunction with Bitcoin.[48] It has also been used to brick IoT devices.[65]

    In its complaint against Ross William Ulbricht of Silk Road, the US Federal Bureau of Investigation acknowledged that Tor has "known legitimate uses".[66][67] According to CNET, Tor's anonymity function is "endorsed by the Electronic Frontier Foundation (EFF) and other civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists".[68] EFF's Surveillance Self-Defense guide includes a description of where Tor fits in a larger strategy for protecting privacy and anonymity.[69]

    In 2014, the EFF's Eva Galperin told BusinessWeek magazine that "Tor’s biggest problem is press. No one hears about that time someone wasn't stalked by their abuser. They hear how somebody got away with downloading child porn."[70]

    The Tor Project states that Tor users include "normal people" who wish to keep their Internet activities private from websites and advertisers, people concerned about cyber-spying, users who are evading censorship such as activists, journalists, and military professionals. As of November 2013, Tor had about four million users.[71] According to the Wall Street Journal, in 2012 about 14% of Tor's traffic connected from the United States, with people in "Internet-censoring countries" as its second-largest user base.[72] Tor is increasingly used by victims of domestic violence and the social workers and agencies that assist them, even though shelter workers may or may not have had professional training on cybersecurity matters.[73] Properly deployed, however, it precludes digital stalking, which has increased due to the prevalence of digital media in contemporary online life.[74] Along with SecureDrop, Tor is used by news organizations such as The Guardian, The New Yorker, ProPublica and The Intercept to protect the privacy of whistleblowers.[75]

    In March 2015 the Parliamentary Office of Science and Technology released a briefing which stated that "There is widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the U.K." and that "Even if it were, there would be technical challenges." The report further noted that Tor "plays only a minor role in the online viewing and distribution of indecent images of children" (due in part to its inherent latency); its usage by the Internet Watch Foundation, the utility of its hidden services for whistleblowers, and its circumvention of the Great Firewall of China were touted.[76]

    Tor's executive director, Andrew Lewman, also said in August 2014 that agents of the NSA and the GCHQ have anonymously provided Tor with bug reports.[77]

    The Tor Project's FAQ offers supporting reasons for the EFF's endorsement:

    Criminals can already do bad things. Since they're willing to break laws, they already have lots of options available that provide better privacy than Tor provides....

    Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that....

    So yes, criminals could in theory use Tor, but they already have better options, and it seems unlikely that taking Tor away from the world will stop them from doing their bad things. At the same time, Tor and other privacy measures can fight identity theft, physical crimes like stalking, and so on.
    — Tor Project FAQ[78]"




    In short, Tor is just too useful to some people and organizations to have them be scared off by the possibility that one of the Big Dogs will want to have a look at their computers.

    The imminent prospect that quantum encription could be available to non-state users is what really has the Big Dogs worried, and with good reason.

    Brian
    Last edited by Fellow Aspirant; 13th December 2017 at 01:02.
    A human being is a part of the whole, called by us "Universe," a part limited in time and space. He experiences himself, his thoughts and feelings as something separate from the rest—a kind of optical delusion of his consciousness.

    Albert E.

  7. The Following 7 Users Say Thank You to Fellow Aspirant For This Post:

    Bill Ryan (13th December 2017), enigma3 (14th December 2017), Ewan (13th December 2017), Reinhard (13th December 2017), Satori (13th December 2017), Valerie Villars (27th December 2017), Vicus (6th February 2023)

  8. Link to Post #5
    Unsubscribed
    Join Date
    23rd June 2013
    Location
    North America
    Age
    72
    Posts
    6,884
    Thanks
    12,723
    Thanked 29,293 times in 6,140 posts

    Default Re: The TOR browser: How to go Anonymous Online

    I think Brian, if one wants to keep a low profile, getting on Tor, hitting the flags, tripwires, puts one into the database.

    It seems to me one is not anonymous which is the title to your thread, the focus, using Tor as the anonymizer concept.. It isn't anonymous when one's IP is logged by getting one's "anonymous" hook through their network. At the outset one is tagged.. Later bagged? If nothing else one's browsing history, probably emails are then logged.. Privacy - hardly..

    Honeypot more so methinks.. Push tor? Why? I can think of many anonymous encrypters besides tor.. tell me I should be curious what is on the dark web? Nope, not for me. not curious one iota..

    https://motherboard.vice.com/en_us/a...tors-anonymity - we've talked about Mozilla's java issues before, and it is useless to revisit that holey system.. (Tor uses the mozilla firefox concept as the framework (dohh..)) https://threatpost.com/mozilla-patch...-users/122204/ I have heard others behind the scenes discuss why that was pushed, but my personal feelings are the jury is still out on that one.

    Nah, suggesting that people go "tor" in my mind is saying hey, eat me, I'm a shmoo..

    references:
    https://www.wired.com/2014/07/nsa-ta...vacy-services/
    https://www.thedailybeast.com/use-or...u-an-extremist
    https://www.schneier.com/blog/archiv...rgets_pri.html - THIS LINK refers to the expert who understands this "honeypot" and I think is the GOLD STANDARD understanding the holes in TOR and the risks one takes.. I feel it IS a MUST READ.
    https://motherboard.vice.com/en_us/a...tors-anonymity (how anybody can crack anonymity on tor)
    https://pando.com/2014/12/26/if-you-...our-damn-mind/ - "if u trust tor you are out of your damned mind"


    there are hundreds of links that expand on the above..
    Last edited by Bob; 13th December 2017 at 02:07.

  9. Link to Post #6
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,659 times in 8,694 posts

    Default Re: The TOR browser: How to go Anonymous Online

    Don't think "am I being anonymous", think "what does my meta data say" ie.. focus on the patterns and abhorrent behavior. what times do you regularly do what, what numbers do you regularly call, is there a disturbance to this pattern; what does that tell others?

    TOR is a great security blanket that is completely nullified by Nexus centers in the US (the physical implementation of PRISM). since every packet is captured and stored at major nodes all over the US, there is effectively no way to be completely anonymous, simply harder to find.

    Right now, with current proccessign power, there is strength in numbers. but patterns are the biggest search metric, so be-careful of yours.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  10. The Following 9 Users Say Thank You to TargeT For This Post:

    Bill Ryan (27th January 2021), Bob (13th December 2017), enigma3 (14th December 2017), Ewan (13th December 2017), Fellow Aspirant (13th December 2017), Michi (13th December 2017), Reinhard (13th December 2017), sdv (22nd December 2017), Star Tsar (13th December 2017)

  11. Link to Post #7
    Unsubscribed
    Join Date
    23rd June 2013
    Location
    North America
    Age
    72
    Posts
    6,884
    Thanks
    12,723
    Thanked 29,293 times in 6,140 posts

    Default Re: The TOR browser: How to go Anonymous Online

    Mindblowinginly accurate TargeT !!!

    don't jump into a honey pot and not expect that there isn't a bear out there ready to feast..

    just a quick aside.. the way the datamining trip wires works, is somebody of high profile, i.e. Trump for instance, rabble rouses the whole baileywick... with some assinine statement which causes "Chatter" at that point all the bees start swarming around the "hive", and all the bloody dataminers have a feast eating the honey out of the hive.. (gees, colorful but accurate, eh?)

    understanding "stirring the pot" how that is used in the intel circuits really needs to be cleared up somewhere.. being anonymous certainly isn't a reality i think..

  12. Link to Post #8
    Canada Avalon Member CurEus's Avatar
    Join Date
    2nd June 2010
    Location
    Toronto
    Posts
    853
    Thanks
    1,205
    Thanked 5,015 times in 784 posts

    Default Re: The TOR browser: How to go Anonymous Online

    I tend to be of the opinion that there is no such thing as truly being "anonymous" online.

    However, I do believe that we need to takes steps to safeguard our privacy. Tor, in conjunction with a decent VPN, safe browsing habits, and decent security "should" keep most users safe from most exploits/hacks and basic tracking by moderately skills hackers and trackers.

    I expect it does NOTHING to preclude the back-doors already built into hardware, browsers, Facebook etc or alphabet soup agencies and their myriad of tools and resources.

    We're even tracked online without being online. Facebook Amazon and Google as well as others already have profiles of non users.

  13. The Following User Says Thank You to CurEus For This Post:

    Bill Ryan (27th January 2021)

  14. Link to Post #9
    Bhutan Avalon Member enigma3's Avatar
    Join Date
    1st July 2016
    Posts
    417
    Thanks
    4,293
    Thanked 2,826 times in 404 posts

    Default Re: The TOR browser: How to go Anonymous Online

    If you want to see who is trying to track you, put Ghostery on your phone or computer. Great free program.

    I agree a good VPN is the best way to go "dark".

    If I were to use TOR, it would be on a dedicated computer.

  15. The Following 2 Users Say Thank You to enigma3 For This Post:

    Bill Ryan (27th January 2021), Bob (14th December 2017)

  16. Link to Post #10
    Great Britain Avalon Member
    Join Date
    26th April 2017
    Posts
    92
    Thanks
    294
    Thanked 438 times in 89 posts

    Default Re: The TOR browser: How to go Anonymous Online

    Yikes! I just downloaded Tor to try it out only 2 days ago. I went to God Like Productions to test it as they have a flag of your country of location and the site said my IP was banned so it doesn't do a great job in that regard. What about using Tor to access a VPN? That might achieve true freedom.

  17. The Following User Says Thank You to chris_walker For This Post:

    Bill Ryan (27th January 2021)

  18. Link to Post #11
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,659 times in 8,694 posts

    Default Re: The TOR browser: How to go Anonymous Online

    VPN is another security blanket; I've hijacked VPN sessions before... they are NOT what they are touted to be.

    Not that this should worry you, you and I are not high value targets and are ignored; concern your self with preventing script kiddies and other low level "hackers" from exploiting easy holes and you'll be fine.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  19. The Following 2 Users Say Thank You to TargeT For This Post:

    Bill Ryan (27th January 2021), Bob (14th December 2017)

  20. Link to Post #12
    Unsubscribed
    Join Date
    23rd June 2013
    Location
    North America
    Age
    72
    Posts
    6,884
    Thanks
    12,723
    Thanked 29,293 times in 6,140 posts

    Default Re: The TOR browser: How to go Anonymous Online

    Quote Posted by enigma3 (here)
    If you want to see who is trying to track you, put Ghostery on your phone or computer. Great free program.

    I agree a good VPN is the best way to go "dark".

    If I were to use TOR, it would be on a dedicated computer.
    I like having what Paul at one time suggested - https://chrome.google.com/webstore/d...pblgpgbilinlem PixelBlock for gmail "mail read"..

    Quote PixelBlock is an Gmail extension that blocks email tracking attempts used to detect when you open/read emails. PixelBlock displays a 'red eye' when it finds and blocks a tracking attempt inside of an email you're reading.

  21. Link to Post #13
    Canada Avalon Member Fellow Aspirant's Avatar
    Join Date
    6th July 2011
    Location
    Kingston, Ontario
    Age
    73
    Posts
    1,104
    Thanks
    6,038
    Thanked 5,595 times in 1,002 posts

    Default Re: The TOR browser: How to go Anonymous Online

    Hi Bob
    A couple of things ...
    re: "I think Brian, if one wants to keep a low profile, getting on Tor, hitting the flags, tripwires, puts one into the database.

    It seems to me one is not anonymous which is the title to your thread, the focus, using Tor as the anonymizer concept.. It isn't anonymous when one's IP is logged by getting one's "anonymous" hook through their network. At the outset one is tagged.. Later bagged? If nothing else one's browsing history, probably emails are then logged.. Privacy - hardly..

    Honeypot more so methinks.. Push tor? Why? I can think of many anonymous encrypters besides tor.. tell me I should be curious what is on the dark web? Nope, not for me. not curious one iota.."

    One, I never made the claim that Tor would let anyone become anonymous online. It's in the title, though, and I didn't want people to think that I was claiming its authorship as my own. So, not on me.

    Two, I never made the claim that people who are curious about the Dark Web should read the article. My intent was to allow people who were curious about Tor to inform themselves about its nature and how to learn more about how to use it. Easily misunderstood if read quickly, but still, not my aim. Your words.

    I knew that by posting this piece it would attract the attention of those like yourself who are much more prepared to go into detail about the pros and cons of Tor. In this I have been successful, so thanks for your input.

    As I have already stated, those who use Tor use it despite knowing the likelyhood of being "red flagged". They use it because they find it useful for avoiding stalkers and for whistleblowing communications with media organizations. That's why the Electronic Frontier Foundation endorses its use. And speaking of whistleblowers, please don't scare off those who would use Tor to communicate with Bill Ryan.

    Tor isn't perfect - far from it, but it serves an important purpose for a segment of our world wide citizenry.

    For the record, I have never used Tor myself, nor do I have any plans to. I have nothing to hide! I never do anything illegal! There, do you think I've convinced the servers at the Big Dogs' data farms to expunge my information? Probably not. I fear I've used the word "Tor" too much already - and by starting this thread I've no doubt that I've been pushed a few layers deeper into their 'suspicious' bin.

    If so, so be it.

    P.S. Maybe if I ask Paul nicely, he'll burn this whole thread for the protection of us all.

    Too late, though, isn't it, with key loggers that forward for storage any and all strokes, even those we erase before sending?

    Yeah, I hope they suffocate on their bit streams.

    Brian
    Last edited by Fellow Aspirant; 14th December 2017 at 23:47.
    A human being is a part of the whole, called by us "Universe," a part limited in time and space. He experiences himself, his thoughts and feelings as something separate from the rest—a kind of optical delusion of his consciousness.

    Albert E.

  22. The Following 2 Users Say Thank You to Fellow Aspirant For This Post:

    Bill Ryan (27th January 2021), kfm27917 (28th January 2021)

  23. Link to Post #14
    Avalon Member palehorse's Avatar
    Join Date
    13th April 2020
    Location
    Gaia
    Language
    English
    Age
    46
    Posts
    1,630
    Thanks
    12,042
    Thanked 11,413 times in 1,572 posts

    Default Re: The TOR browser: How to go Anonymous Online

    I know this is an old thread, but it was the only one I found that is specifically about Tor..

    Here is a nice and short video from JUL 2019 talking about #6 flaws in Tor network.



    The creator of the video posted the following in the comments hahahah
    "This video was demonetized by Youtube. Unsuitable for most advertisers. Really???"
    --
    A chaos to the sense, a Kosmos to the reason.

  24. The Following 4 Users Say Thank You to palehorse For This Post:

    Bill Ryan (27th January 2021), ByTheNorthernSea (27th January 2021), gord (27th January 2021), kfm27917 (28th January 2021)

  25. Link to Post #15
    Avalon Member palehorse's Avatar
    Join Date
    13th April 2020
    Location
    Gaia
    Language
    English
    Age
    46
    Posts
    1,630
    Thanks
    12,042
    Thanked 11,413 times in 1,572 posts

    Default Re: The TOR browser: How to go Anonymous Online

    Darknet news, here is something I came across earlier and it is a very concerning situation for Tor users, this article is about Tor relays been compromised by a threat actor that supposedly is running hundreds of malicious Tor nodes/relays.

    Here you can read the entire original article (you need a Tor browser).
    http://darkzzx4avcsuofgfez5zq75cqc4m...us-tor-relays/


    For those without the Tor browser I am copying & pasting right bellow (4 mins. reading article)



    Quote Who is Running Hundreds of Malicious Tor Relays?
    ~4 mins | Published by Darknetlive on 8 Dec, 2021 in News and tagged Privacy using 696 words. | 7 Comments

    A threat actor is running hundreds of malicious Tor relays as part of what researchers suspect is an attempt to deanonymize Tor users.

    Nusenu, a Tor relay operator, first identified “KAX17” as a sophisticated threat actor in 2019. At the time, Nusenu had identified a “long-running suspicious relay group” that was active since 2017, if not earlier. “At their peak, they reached >10% of the Tor network’s guard capacity,” Nusenu wrote in 2019.

    In nusenu’s most recent blog post about KAX17, they provided the following summary of the actor’s behavior:

    active since at least 2017
    sophistication: non-amateur level and persistent
    uses large amounts of servers across many (>50) autonomous systems (including non-cheap cloud hosters like Microsoft)
    operated relay types: mainly non-exits relays (entry guards and middle relays) and to a lesser extend tor exit relays
    (known) concurrently running relays peak: >900 relays
    (known) advertised bandwidth capacity peak: 155 Gbit/s
    (known) probability to use KAX17 as first hop (guard) peak: 16%
    (known) probability to use KAX17 as second hop (middle) peak: 35%
    motivation: unknown; plausible: Sybil attack; a collection of tor client and/or onion service IP addresses; deanonymization of tor users and/or onion services

    In October 2020, nusenu reported KAX17’s exit relays to the Tor Project which resulted in their removal from the network. Before the removal of the actor’s exit relays, a Tor user had up to a 16% chance of connecting to one of KAX17’s guard relays, up to a 35% chance of using KAX17’s middle relays, and up to a 5% chance of using one of the actor’s exit relays. The worst-case scenario on 2020, 09, 08, nusenu wrote, KAX17 could de-anonymize tor users with the following probabilities:

    first hop probability (guard) : 10.34%
    second hop probability (middle): 24.33%
    last hop probability (exit): 4.6%'


    Guard, middle and exit probability between 2019–01–01 and the removal event on 2021–11–08 | nusenu

    The day after the Tor Project had removed the exit relays reported by nusenu, a new “large no-name exit relay group” appeared. Nusenu has not attributed the new group to KAX17 yet but also does not believe KAX17 “halted their exit operations completely.”

    While investigating this threat actor’s relays, nusenu discovered an email address that had initially appeared in the ContactInfo descriptor field of KAX17’s relays. The actor later removed the email address. When looking into the email address, nusenu found it on the tor-relays mailing list.

    “Interestingly it became almost exclusively involved on the mailing list when policy proposals with regards to malicious relays were discussed or when large malicious relay groups got removed. They apparently disliked the proposals to make their activities less effective.”

    (Nusenu noted that any relay operator could have used the particular email address for their relay’s ContactInfo. However, the email address appeared on KAX17’s relays long before appearing on the tor-relays mailing list.)

    Nusenu outlines some potential solutions in their blog post. It is worth reading if tor’s weaknesses are of interest to you: Is “KAX17” performing de-anonymization Attacks against Tor Users?

    Cimpanu, reporting for The Record, asked nusenu about the chances of KAX17 being part of a research project. Nusenu provided the following response:

    Academic research is usually limited in time. KAX17 has been active since 2017.
    Researchers do not get involved in weakening anti-bad-relays policies on the Tor mailing list.
    Researchers do not fight against their removal and do not replace removed relays with new relays.
    Research-based relays usually run within 1-2 autonomous systems, not >50 ASes.
    Research relays usually run <100 relays, not >500.
    Research relays usually do have a relay ContactInfo.
    The Tor Project is quite well connected to the research community.

    via The Record “A mysterious threat actor is running hundreds of malicious Tor relays”

    It is hard to imagine this being part of a research project. Then again, Carnegie Mellon researchers conducted a traffic confirmation attack and a Sybil attack as part of some form of research. The FBI discovered this research and used it to arrest at least two people, one of whom is likely known to readers of this site: Brian Farrell, aka DoctorClu, who was involved in the administration of Silk Road 2.0.

    KAX17 certainly seems like a state-backed actor.


    and of course, the article does not say anything about mitigation, but actually there is 2 options to mitigate it, the easiest way is to use a bridge which can be requested directly to the Tor team by email or use the ones available in your Tor browser.

    Tor Bridges are relays as well, the difference is the are not listed in the Tor relay directories, which is a good thing because Bridges change all the time, and nobody can keep a update black list of it.

    the second option require some technical skills, to edit your `torrc` file, it is the only Tor configuration file - you can't go wrong, on Linux it is usually available in `/etc/tor/torrc`, on windows I am not sure, but a simple search will show where it is... and edit the list of Tor exit nodes or relays in there.

    In a few steps how to mitigate the problem using the second option.

    Step 1
    Open `/etc/tor/torrc` with a text editor.

    Step 2
    Search for the word "ExitNodes" without the quotes, if nothing coming up, it means you never edited the file before.
    Add this line at the end of your torrc file.

    Code:
    ExitNodes <ip>
    or to allow only specific country for the exit nodes

    Code:
    ExitNodes {us} StrictNodes 1
    More in depth information from the source:
    https://2019.www.torproject.org/docs...l.en#ExitNodes

    To learn more about the Tor relays, check the relay search tool by Tor here on this link
    https://metrics.torproject.org/rs.html#toprelays


    Things with Tor can become extremely complex, I do recommend to stick with the first option and use Bridges, unless you know exactly what you are doing, because to know which relay is or is not compromised is a very hard task if not impossible, I would also keep an eye on these links above, Tor team won't allow compromised relays without warning users, but also there is nothing much that can be done about it.
    --
    A chaos to the sense, a Kosmos to the reason.

  26. The Following 3 Users Say Thank You to palehorse For This Post:

    gord (10th December 2021), Mashika (11th December 2021), Vicus (6th February 2023)

+ Reply to Thread

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts