What is the most secure set up for Tor usage? Some people have advised the use of a VPN in conjunction with Tor whereas others have advised against and claimed it can actually reduce anonymity and open more attack vectors for real IP disclosure. Use of bridges is also questionable as bridges don't get vetted to the same extent as entry nodes, they also have a habit of randomly going offline whilst in use (check the bridge activity chart for late December 2017 for example)
Tor is way too fucking slow for me,so I never use it.I have a good and stable connection,so I don't really get while it's so damn slow.
Jason Jackson
t. brainlet
Isaac Wright
Wut? I use Tor all of the time and I max out my connection. The only thing that is slow is the response time. That's to be expected though because it hops around a few times.
Gavin Martin
I prefer tails
Charles Jones
tails from a live cd. i say CD because it's ROM so theres no way any data can be saved anywhere. Live USB is ok too but just make sure it's not saving persistent storage anywhere.
Landon Garcia
OI,I expected a slower response time,but not THAT slow.Literally nothing happens whenever I search for something,or only after 5 minutes.I checked the settings,and they seem normal.
Kindly fuck off.
Ethan Garcia
kindly go back to rebbit, reddit spacing brainlet. if you don't understand tor then you don't belong here
Nathaniel Foster
>nggggggggggh le reddit spacing nghhhhhhhhhhh
Neck yourself,degenerate.
Nicholas Rivera
the redditor did it again, absolutely pathetic
Brandon Allen
>only after 5 minutes Just to let you know, 56k is outdated
Christopher Martinez
K
Caleb Edwards
why do you prefer whonix?
God I'd love some K rn
David Peterson
>why do you prefer whonix? I don't do anything illegal, designed to run in a virtual machine, plus it hides your mac address from applications
Andrew Wright
>I don't do anything illegal Tails users don't either, it just means if you get infected with a keylogger or some shit then it will be gone when you restart whereas it would remain dormant on whonix and qubes
Nicholas Jenkins
if you ever get a keylogger you're retarded
Sebastian Scott
You do know most keyboards have built in keyloggers? Look at what happened with HP a few years back. Also, if you use whonix, you are retarded.
Owen Wright
sorry for making you mad windows baby, feel free to come back here when you're older
Gabriel Thompson
Sorry to offend you whonix lad, feel free to come back when you're done with hacking Gibsons
Elijah Taylor
whonix isn't even a real os so why would i feel any need to defend it do you have autism
Elijah Stewart
Goodbye my lover, goodbye my friend
Luis Price
You do realize this isn’t reddit
Dylan Torres
How do I upvote this?
Also
Less sissy love rivalries and more Tor please.
Liam Thomas
Is it best to use Tor on its own in tails or would you still need a VPN to go with it? I don't think tails let's you select the entry node server location either which is pretty shitty considering its supposed to be a secure os yet has less anonymity options for Tor than the default browser bundle
Asher Morris
Re-evaluate your life choices and make it so you have nothing to hide you mentally ill degenerate.
Dominic Stewart
kill yourself
Liam Collins
Samefag >calls someone degenerate >browses 4chins
Samuel Williams
CIA are unhappy
Colton Taylor
>vpn with tails good luck having a static entry node faggot
Ian Morgan
>kys fbi
Jeremiah Walker
but I do have something to hide you fucking faggot.
MY PRIVACY
And since the Constitution declares my RIGHT to protect my PROPERTY, including intangible property, like my FUCKING PRIVACY, you can go fuck off back to whatever commie fuck-hole you were spawned from.
Andrew Jones
Did you heard, that goverment don't want you to get good stuff, you want to wait till some heaven that is promised to be good or what?
Austin Green
So is it best to just use Tor via tails and no VPN? No need to be a dick about it
Caleb Jones
yes, vpn would be a security risk if anything go read up on how tor works (the basics) and you will realise how silly the idea is
Christian Anderson
sorry user i just don't want the fbi to shoot your pupper
Dominic Clark
Does anybody know how to change the default entry node location for Tor in tail or do you have to stick with the default of world wide? I'd like to select blaytland as they cooperate with practically nobody
Dominic Harris
Tor is compromised, so don’t. FYI - DOJ can use 702 intel (i.e. Tor traffic) with no warrant or judicial review for 7 categories of activities, which include computer “crimes”among others.
So really, just don’t. But if you must, run your OS as a VM and attach it to Whonix with VirtualBox (so all your traffic goes through Whonix). Then set up a VPN on the host computer so all your traffic goes through there.
But really, don’t.
Lincoln Perez
Tor scares me, since I hear that just looking it up on any search engine will put you on an FBI watchlist.
Nathan Jackson
Why all the discouragement, even against Whonix?
Nathaniel Hughes
No I’m good with the sec / user programs. I’m trying to say don’t use Tor under the assumption that your activity is safe from the long arm of statism. Lots of activities can be classified as illegal by our wonderful gov, and then surveillance hijinx ensue.
Joseph Phillips
If the data itself is encrypted then how can they tell what you are doing in order to categorize it?
Meant to make this clearer - both the main (browsing) OS and Whonix should both be run on the host machine as VMs. The VPN should be set up on the host’s OS (not the browsing OS or Whonix).
Brandon Mitchell
JUST read that article, not 3 hours ago. Great minds, user... great minds.
Jayden Gutierrez
>What is important to remember is that it isn’t likely that Tor, I2P, and VPNs are all completely compromised, and it is an important reminder that more people and organizations without malicious intent should run Tor nodes, if they are able to do so securely
Asher Wright
I’m not going to pretend to fully understand all the details, or rattle off a bunch of research. There’s lots of open source intelligence out there.
I was thinking about creating a category specifically for discussions about deanonymization attacks, parallel construction, 702, etc. Not sure if there’s enough interest.
But from what you know, in brief, how do they generally go about it and is there anything we can do to work against it.
JavaScript injection? Honeypot node wouldn't work as even the node operator can't see the decrypted traffic
Lucas Barnes
Really good questions...lots of theories. Look up deanonimization and targeted adversaries. I’m still learning myself. Would love to continue the conversation.
Joseph Long
It sounds like a fear campaign if I'm honest. All of the big busts on dark web for shit like hardcore drugs and CP have come from user error or server security failure, I've never heard of 1 single person getting arrested due to their data logging.
They are setting up specialist task forces to catch people for selling opioids via dark net, but if they have been data logging for the past 4 years then what's the need? Why not just look into the harvested data? I believe they aren't looking into the data as they don't have the ability to decrypt it.
Jeremiah Wood
You should look into parallel construction en.m.wikipedia.org/wiki/Parallel_construction Then take a look at Brian Krebs’ rebuttal of the OPSEC claims krebsonsecurity.com/2014/10/silk-road-lawyers-poke-holes-in-fbis-story/ I have my own theories that involve more targeted adversarial attacks than traffic analysis / recorded data decryption. It includes traffic confirmation and “NIT” deployment among other things. I’m not really settled in for all that typing and sourcing right this second but I do want to start an ongoing general topic to discuss.
John Ramirez
I’m butchering my own posts because I’m not in a place to type this all out. That’s an old Krebs post but I’ve started collecting all these “chance” OPSEC slips and finding holes in them.
That’s the thing about parallel construction. The gov gets so lucky with anonymous tips and bitter ex girlfriends.. it’s such unlikely bullshit.
Alright I’m moving on for now. Look for the general topic post coming soon.
Brayden Jones
Hey how do I open the webms I find on Tor?
Brayden Gray
let's be real with eachother, any webm that u find on tor that's not on the clearnet you should absolutely not be looking at
Leo Long
really bad idea man. you know the kind of code that can be hidden in videos these days?
Adam Williams
nice thread faggots
Charles Torres
Tor is the ultimate honey pot; best way to trigger all the flags and be searched and targetted specifically. If you want to be safe stop being a faggot; be legal; and don't do stupid shit.
Carson Thompson
Set security setting to high
Make sure noscript has everything disabled
Make sure you keep tor updated
Bonus for logging into a VPN before using Tor
Never log into any websites that require anything that might tie you to your real identity