How many of you fucks use onion browser? is it totally user?

how many of you fucks use onion browser? is it totally user?

Other urls found in this thread:

reuters.com/article/us-usa-cyber-congress-idUSKBN13P2ER
cvedetails.com/product/17153/Microsoft-Windows-7.html?vendor_id=26
cvedetails.com/vendor/23/Debian.html
bitaddress.org/
twitter.com/SFWRedditVideos

100% onion is 100% user

Read this:

reuters.com/article/us-usa-cyber-congress-idUSKBN13P2ER

Things are not pretty for Tor users.

I wouldn't trust it at all. Firefox just had a zero-day exploit that revealed TOR users and their information.

That, and now (as of December 1st) that the FBI can get a warrant on you JUST FOR USING TOR (regardless of what you might be doing with it), well, fuck that scene. No Tor for me.

Funny how some of the best protection is having none at all.

this
use something harder like i2p

fuck off nsa, I know where you are

Use a VPN if you're worried, sure it's a static location but at least it's not your location.

most people use vpn as well for an extra safeguard.

*don't use Windows to run tor
*use a VPN on your host machine
*use a virtual machine that only has a virtual network interface with the host. Than set up a socks proxy on host, and let tor connect through that socks.
That's how id do it. Maybe throw in some hardware in between router and pc for extra firewall capabilities.

>*don't use Windows to run tor
What do you suggest instead? Linux? That's bug riddled too, and much more difficult to harden, considering VOLUNTEERS are working on patches and fixes.on top comes the drastic differences from distro to distro.
U.Unless you're LPIC-3 Certified, chances are your linux distro has holes

every vuln I've seen is javascript-based

IIRC, TOR browser comes with NoScript by default, and all that shit turned off (last I used it was ~2010 though)

I don't understand why people would turn it back on if they're already going to the extent of using TOR

jokes on you, I already have a perpetual warrant against me for using a VPN for work, under that same rule change

considering that the vast majority of those volunteers are people who use it for other work (due to running servers or whatever), It's still very reliable.

Would you also argue IE is better than Firefox?

You seem pretty knowledgeable. My question is, How do you know that setup is enough? lets say your using tor to buy drugs, order a hitman etc. After you make your purchase how can you sleep easy knowing the alphabet boys aren't going to come kick in your door in the morning?.

>It's still very reliable.
You missed the point, it's not about reliability, it's about hardened against exploitation.
As for your volunteers remark; yeah, the same volunteers who have jobs and families too, who have even less time working/fixing on things, and usually NOT getting paid for it.

May I remind you of Heartbleed?

1) if you hire a hitman, chances are that you're hiring the FBI and they'll look into who wants to kill that person. Just don't.
2) there are no guarantees, ever
3) TAILS, in a Craigslist-pickup laptop with no hard drive, used from public wifi (e.g. chair against the wall in a public library) is probably your safest bet
4) NEVER enable flash, javascript, etc
5) physically disconnect webcam, also microphone and speakers for high-paranoia mode (speakers can be used as a microphone)

yes, you may. There's a reason it's so well-marketed when a vulnerability affects linux servers - both that other parties have an interest in making it seem insecure, and that it's actually good security to publish full details of issues to allow users to take care of things accordingly

May I point you to privelege-escalation CVE counts?

cvedetails.com/product/17153/Microsoft-Windows-7.html?vendor_id=26

cvedetails.com/vendor/23/Debian.html

I'll also throw out that a huge number of the debian vulns in that are in server frameworks (drupal had more than a few, for example), which nobody in their right mind would have installed on a TORbox anyway

You have bigger issues. You need to disable IntelME in your BIOS or purchase a machine that has a Core 2 Duo or lower. IntelME is a micro controller in your CPU that has complete memory and TCP/IP stack access without the knowledge of the main CPU. IntelME is scary as fuck. It can also send and receive network packets regardless of firewalls. So buy an old laptop, disable IntelME, install a FOSS operating system, and learn to computer. Then we'll talk.

So... this allows the government to keep doing what it does already? Cool, I guess it's business as usual for me.

Just disable scripting, you dumb nigger.

Nice try NSA.

Don't use Windows at all. Windows, OS X, Android, iOS, and anything made by Canonical are not to be trusted. I recommend Debian GNU/Linux or FreeBSD.

>physically disconnect webcam, also microphone and speakers
Everyone should do this. Just use a USB webcam with a built in mic and a USB speaker if you need them.

seconding the recommendation against Canonical, there was a shitstorm awhile back for forwarding all searches on Ubuntu through their servers and their response didn't inspire much confidence

also disagreed that they're mostly unpaid volunteers - a lot of larger companies put devs on projects they use heavily (e.g. IBM has a huge number of open-source devs), and other companies will still see the value in letting their devs use work time to improve stuff they need

If you guys think the US rule changes matter you are retards. The FBI has never followed the law even in spirit. The are one of the main distributors of pizza and coke.

you're correct, it's just that they don't have to try to keep it hidden from courts now

my substitute teacher from the 9th grade had something to say about this: when the fbi goes out looking, they see a hundred thousand normal people browsing in plain view, and one goofball running seven proxies. it raises suspicion.

in my opinion, the way of the 2016 spy community / cyber forensics community is simple: trick people into thinking they're being anonymous, let people pass through their proxies, use their links/shorteners.

like an undercover scenario, they GIVE you the gun and ask that you shoot with it.

Fortunately youre still mostly safe as long as you dont move in on their turf or get swept up in one of their pretend terror plots that they trot out when people ask what the fuck they are dping with all that taxpayer money.

I think noscript is actually turned OFF so it allows scripts

because a large large amount of sites need javascript

Another?? The fbi used that technique on a wide number of people a year ago and 3 years ago

Which methods would work for me if I want to search information on the net totally anonyoumosly?I think that TOR isn't enough.
Do not trust it.

yes. Two javascript and one WebRTC

use a public computer, and use DuckDuckGo in HTTP-only mode

No, the Tor browser does not allow script. That javascript can be used to deanonymize users has been well known to Tor developers for many years. That's the main reason that users are encouraged to use the Tor browser. It's basically just Firefox with noscript enabled and some privacy-minded tweaks to the default settings.

Anyone who uses Tor with javascript enabled is asking for it. This is the number one way that Tor users get deanonymized.

>pedo spotted

Nothing is "totally user." Every byte transmitted over the Internet goes through the big pipes at the backbones, all of which get funelled through Echelon. There's too much data for them to mine everything, but they certainly have the capacity to monitor any specific data they care to pursue. The fact is, the only real security you have is being too small for them to care about, which is called "security through obscurity" and is generally regarded as worse than useless, since it gives you a false sense of security.

And if I can't use public one?
Only mine.
Would it be enough to use, let's say, TOR + VPN and dick dick go search?
I'm not downloading like child porn or buying slaves on the net, it 's only for searching.

>trying to protect yourself is evidence of guilt

I just had a heavy case of unwarranted self-importance in HS, so I learned all this shit back then

it'd be a good start, but check all the other shit in this thread too. Also

>dick dick go
lulz

Will stay until local fuckers give a good advice on anonymity.

Tor is completely safe. 100%
Trust me user I'm an internet.

>volunteers
Most contributions to the kernel are made by people who are paid by companies like Intel, Texas Instruments, IBM, Samsung, Google, Cisco, AMD, and ARM, or by employees of the nonprofit Linux Foundation, which is funded by the same companies.

Neither of you have any idea what you're talking about. If you did, you'd know that the open source development model is not just the best way to develop secure software, it is literally the only way.

Its not really that safe.
If your just curious to have a look GO
nothing bad will happen
If you start your journey looking for shady shit. Then yea you done goofed

Don't be like me OP.... I learned my lesson the hard way......

Don't forget NSA, FBI, GCHQ

not hard at all.
use Tails (Linux OS...Tor approved) and Tor.
reason:
>its linux (all the Tor vulnerabilities were from Windows exploits)
>its a live disc/USB so nothing EVER gets saved.
>Tor..as far as i know the only way NSA/FBI found pedos were through windows malware when using poor settings in firefox (forgetting to disable javascript)

So would it ever be possible to be user on an android phone? Any possible way to install a new OS or virtual machine/network onto this? Ive been using orbot and orfox to pirate on my phone for about a year now and suddenly it feels like im gonna be tracked or some shit.

i feel like cell phones do so much shady shit you could never be sure

especially with the recent news that some models were sending all sorts of shit to a random server in china

The NSA originally developed parts of SELinux. The FBI and GCHQ have never made major contributions. Do you know how we know that? Because every single change made to Linux is public record. It's exactly the same reason that we know that SELinux is not harmful to users: we can fucking look at it. Now tell me about the contributions that the NSA has made to Windows. You can't, because nobody can. Enjoy your secret back doors.

When software is built in public, it doesn't matter who funds it or who works on it; all that matters is that there are people who are motivated to make sure that it's done right. Everyone who has a financial stake in the computer industry relies on Linux, and they all know it. Even Microsoft has given up fighting it.

what is your story

Not with a proprietary bootloader. Get a Thinkpad T400 for 80 USD on ebay and disable IntelME. Install Debian and you'll be good to go.

This. SELinux and other contributions to the kernel by the US gov are perfectly safe. If anyone thinks otherwise, they are free to download the source code and read every line of it.

you wont be able to run shit on that processor

Have you actually read every line of it? Has anyone? How can we be sure it's been read?

Do we know that theyre not hiding things though? I would rather have an actual software developer working on SELinux than just reading a source code.

but thats the problem isnt it. nobody ever actually looks at all that code. all of it.
sure they look at some parts but not all.
Heartbleed

Is it impossible to remove IntelME on any other processor? I have a laptop with an AMD Athlon II core

>Heartbleed
or
Shellshock
simple bugs that had been in the open for decades

i know nothing about it, some dudes in my class talk about it and how you can buy anything at all and hire hitmen and shit, i dont understand how that kind of thing could happen with no punishment, also with all the other shit thats prob on it, i think they were saying some wiki site that only can be accessed using tor browser, anyone know what im talking about?

I got my VPN, nobody can track me

If you really cared about anonymity, you'd be using a TAILS usb with persistence, and a laptop with no personal information on it, while using the public wifi at a coffee house. Otherwise, don't do shady shit on the internet.

nice try fbi

lol no just retarded to all this shit, dont know about it.

Someone looked at it... or else Heartbleed and Shellshock wouldn't have existed...

I use a P8400 on my main computer.

I've looked over most of the Linux kernel, minus the firmware I don't use. The Linux kernel is like half drivers.

What do you mean by this? It's open source. You can modify it and the rest of the kernel as you please.

Some things get overlooked, sure. This goes for all code. If Linux was closed source, a lot of terrible vulnerabilities would probably still be unpatched.

What part of the word "Intel" makes you think that IntelME would be included in an AMD CPU? Anyways, I know nothing about AMDs equivalent to IntelME. I'm sure it has something just as cancerous. Check out the Libreboot project page on IntelME for more info on that. Or just use Google.

Forgot pic.

I don't know where you can hire a hitman, but I'm assuming you're talking about the Hidden Wiki... of which there are many. It's a jumping off point. Seriously all you have to do to find it is open a Tor Browser and search "Hidden Wiki" on whatever search engine you are using... it'll probably be the first .onion address you see.

More importantly, though, even if you don't understand the code and don't have the time or resources to audit it, you can rest assured that there's nothing nasty going on because the number of people who do have the skill and the motivation and the resources is so high and those people are so diverse that to suppose they're all keeping the same secret is to suppose a conspiracy of unprecedented scale.

If you contribute something malicious to an important open source project, you can do nothing but hope than none of the millions of programmers capable of understanding what you've done, who have as wide a range of motivations for looking at it as is possible, including but not limited to employment at fortune 500 companies and organizations like NASA who use this software on mission critical systems, ever do or that all the ones that do decide to keep your secret.

It's like committing a crime in front of a security camera that permanently stores all footage in a public database and just sort of hoping that nobody notices, knowing that there are a lot of very powerful people who don't want you to do that. Even if you don't understand how to access that database and you don't have a software on your computer that can play those videos, you can be pretty sure that nobody has committed that crime.

Well you've convinced me. Time to do illegal shit all day and kill myself when i fuck up. At least ill live much longer than before finding this thread

>all this paranoia
what exactly are you anons hiding....

Nude pictures of your mother from yesterday, retard.

Not this time fbi

Nothing. It's just a hobby. Some people like painting, others enjoy photography. I enjoy not being cucked by the United States National Security Agency. I want my privacy because I live in a country which is supposed to be free, but is instead run by a bunch of fat motherufckers in top hats smoking cigars who sit around a table thinking of ways to screw up my day.

>say a bunch of ignorant shit about computer security
>get corrected
>"well I guess I'll just live my life as a criminal then"
You are extremely stupid.

tru

lately ive be afraid to go to muslim / white supremacist websites because i dont want to end up on some list

sucker those with the fear of the man and knowledge of exploits, then blackmail them with echoes in their private life to normalize them. they're not interested in lonewolves, this is infosec were talking about,

>You are extremely stupid.
of course. why else would i browse Sup Forums.

What is everyone opinion on using Tails on a burnt dvd rather than the USB? Is Tails shit now?

Here, have some currency with my face on it. My gf is very cool.

Nah. I was the one who mentioned that i pirated for a whole year on my phone, and even more on comp selling and buying drugs. I figured if i got caught id just blow brains out. This thread is gonna at least give me a couple more years till that happens

yes but how cant you get busted from going on that site? seems like it has nothing but bad things on it

Its actually just a fuckton of dead links.

Tails or Subgraph OS on neighbour's WiFi for anything minorly illegal such as downloading CP.

For uploading CP or purchasing illegal shit, scrap tor and use i2p or freenet inside a virtual machine running arch/ubuntu/debian on a network far from your home (invest in long-range antennas like tplink's 24dbi parabolic grid).

If you're going to do something unmentionable, do all in step 2, and program/rip someone's program for a proxy tunnel and plant it on public network computers (make sure it's fully hidden and able to remove itself without trace in a moment's notice) and also regular networks of people you can get to install some "minecraft.exe crack", then reverse proxy through a couple of them on a network far from your home before going onto i2p or freenet. Once you're done wipe everything. It's overkill for sure, but you never know.

Also it should go without mentioning; always spoof MAC addresses, user agents and trade only in BTC from sites that do not verify.

>use a public computer, and use DuckDuckGo in HTTP-only mode

Why not HTTPS?

i dont know much about it, i was told it was made for people who live in countries that censor internet, where if you go on computer and complain about the leader of your country you would get killed for it, as far as i know it was totally user by some way how having thousands of hosters from all over the world, something like youd go on it in russia and it would say your connection was in china or america, i dont really know too much about it though, seems sketchy and also seems like its just something the feds would use to catch dumb fucks trying to look at things they arnt supposed to be looking at.

child photography

May be related to this thread, something I've been wondering for a while...

How do I get Google out of my life? I honestly don't even know what I could replace Google Maps, search engine function (DDG is shit), Gmail, etc with, besides some Microsoft corporate tracking shit

I guess what I'm asking is if people who are terrible with computers can still somehow not be victims of mass surveillance

Just use chrome in incognito mode

do not verify?

>arnt supposed to be looking at.
Dont dare to question the watchers

Find user wallets and exchange services that don't ask for any form of identity and only ever use other people's bank accounts/paypal accounts to purchase the BTC. If you get ripped off it won't matter anyway since it's not yours in the first place.

bitaddress.org/ is pretty good for a wallet.

ugh you are so right

first you can go in and turn off all the stuff that they save that they let you see... like you searches, youtube history, location hisotry etc

beyond that IDK everything else sucks

the watchers? dude you have pizza bite filling on your shirt and are a virgin shut up.

JFC did you see the IRS is demanding coinbase release all transactions on their service to them?? I mean chances our the NSA already did this tho

u dont know me

Even so it'll either be too small for them to give a shit if you did it over tor only, and there'd be no trace of you being involved if you do it using step 3. Just as long as the money never ends up in any of your actual accounts. You could probably launder it through purchasing VPS' and selling them for BTC into a second wallet, then exchanging that BTC for PayPal. If you were somehow caught, the most they'd have you for is illegally selling VPS' which you can say you found on darknets and act like a moron trying to make an extra dollar.

Good luck getting a warrant on me in this safe Soviet country, FBI

Spot on... Hell even a cantenna can give you some cover. Sit at some McJoint and hit the Starclucks across the way can give you the cover you might need. They will only look at the patrons of THAT shop not every shop in like 1km... Because you might not even be in a shop doing this.

i see you on your web cam you basement dweller.

dont have a basement?

If you wish to go further, from experience at least 50% of WPA2 networks are crackable in less than 10 minutes using basic WPS flaws. Anyone can do that, even my grandma. From there you can tunnel into a public network by leaving a program on one of the computers, or conspicuously hiding a raspberry pi in the bathroom.

That depends on which "hidden wiki" you find. Some are pretty up to date...

inconspicuously* kek

Learning how to use Kali Reaver was the most hilarious thing I ever did.

Now I have that wifi pin, and that one, and that one, etc