Torproject.com

So, I just downloaded this browser. I read on wikipedia that it is still vulnerable. When I opened the browser I turned on "start private browsing" button and it said this:

"While this computer won't have a record of your browsing history, your internet service provider or employer can still track the pages you visit."

So am I browsing anonymously, or not? What was the point?

Tor is only part of the solution. You also need a VPN to browse completely anonymously.

Jeez Louise. I'll look into a VPN. What if I just got a VPn and no Torproject? Watch out, I'm drinking margaritas. While using the TOR browser I tried to find the SR but could not. Anyone know the way? Please, and thank you.

tor? You aren't looking for deep net, are you?

tor is a browser for the deep web. a place i stay far away from these days.

very bad place, indeed. nothing people should be playing on.

This, this is a playground. The deep web is where I want to look around. So, TOR and a VPN? Anything else? Please, and thank you, my friends.

That really should be all you need to know for the basics. The deep web sites are all .onion as a suffix. There are a ton of great threads here on riu with lists of sites.

you will want to vpn to an anonymous proxy, something with a dynamic ip allocation system.. as in, once you vpn to the proxy you should be assigned a dynamic ip, something different than it was the last time you logged in.

anonymous VPN'd proxy, firewall, goo virus protection, an understanding that what is seen cannot be unseen; and, depending on your planned criminal enterprises, you can further secure yourself by getting a cheap throw-away wifi card, and dropping that in your laptop before you anonymously connect to a local coffee shop or other free wifi (free as in they don't require verifiable personal information to log on.)

I'd be careful about buying quantities of anything commonly sold on deep but not readily available otherwise. Same with papers, if they're on the 'net, they aren't nearly personalized enough, and you could wind up with the same new name as a multi-felon fugitive, or worse, wind up with a vigilant person's real name. Governments do run stings on deep net...

ClaytonBigsby said:

So, I just downloaded this browser. I read on wikipedia that it is still vulnerable. When I opened the browser I turned on "start private browsing" button and it said this:

"While this computer won't have a record of your browsing history, your internet service provider or employer can still track the pages you visit."

So am I browsing anonymously, or not? What was the point?

Click to expand...

Depends on what level of anonymity and who you would like to be anonymous from? Hiding from advertisers and the like is quite easy using browser ad blocks; hiding from your ISP is much more difficult.

For starters, get an OS like TAILS or build your own linux box using LFS, install only what you need and crypto tools.

If you cannot do it yourself just grab Tails and a verified vpn and your prety much good to go.

regards,

This is from the Torproject website, regarding VPN and TOR

https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN


[h=2]Anonymity and Privacy ¶[/h]You can very well decrease your anonymity by using VPN/SSH in addition to Tor. (Proxies are covered in an extra chapter below.) If you know what you are doing you can increase anonymity, security and privacy.
Most VPN/SSH provider log, there is a money trail, if you can't pay really anonymously. (An adversary is always going to probe the weakest link first...). A VPN/SSH acts either as a permanent entry or as a permanent exit node. This can introduce new risks while solving others.
Who's your adversary? Against a global adversary with unlimited resources more hops make passive attacks (slightly) harder but active attacks easier as you are providing more attack surface and send out more data that can be used. Against colluding Tor nodes you are safer, against blackhat hackers who target Tor client code you are safer (especially if Tor and VPN run on two different systems). If the VPN/SSH server is adversary controlled you weaken the protection provided by Tor. If the server is trustworthy you can increase the anonymity and/or privacy (depending on set up) provided by Tor.
VPN/SSH can also be used to circumvent Tor censorship (on your end by the ISP or on the service end by blocking known tor exits).



I cannot believe how old all of this makes me feel. When I was in high school, phones were still attached to the wall, and you might know 1 person with a phone in their car. Much of this is like an obscure foreign language.

Should I just avoid all of this from my home network? Seems there isn't really anything to protect me completely. Seems buying a laptop in cash and downloading a VPN and TOR from a free wifi spot, then using another wifi spot is best for deep web travel. On cnet there are a few wifi blockers to keep the wifi ISP from seeing what you are doing as well. Laptop route the better choice, or do I have a chance from home? Please, and thank you!!

wow this is some serious nerd talk.

Walk softly, but carry a big stick...is all I have to say

So, I have been reading many different sites regarding TOR, VPN, and ISP's and it is still very confusing. I want to share with you some of the things I have read that contradict things said here, so nobody is misunderstanding their protections. I found this comment at a site reviewing TOR:

To my understanding, this is one of the ways in which Tor is of little or no use to those wanting anonymity for illcit purpose(s). The Tor Project claims today most [COLOR=#215AC3 !important][COLOR=#215AC3 !important]internet [COLOR=#215AC3 !important]users[/COLOR][/COLOR][/COLOR] aren't at Tor, Windows Club or better tech levels; for instance, Andy K's WC Forum last week had therein links to [COLOR=#215AC3 !important][COLOR=#215AC3 !important]browser [COLOR=#215AC3 !important]security[/COLOR][/COLOR][/COLOR] checkers...in my case, one scanner told me my browser was only one of 21 out of 2 million it has tested and which had my security or better.

This is known as "uniqueness", and the more unique you are the easier to track you are by style alone. Per the Tor Project, if your bent is simply not to be tracked these days it seems you can't be deemed "unique" by websites or otherwise in encrypted data which may be intercepted by so-called "evil" nodes and compared to traffic analysis in general. That is, if an "evil" node operator sees your tight security and nothing else, or a website detects it, you're going to be easier to find by process of elimination as so few private parties these days have such security and timing of your accessing Tor/appearance of highly [COLOR=#215AC3 !important][COLOR=#215AC3 !important]secure[/COLOR][/COLOR] effects can lead right to you. So even though Tor won't let exit nodes deliver spoofed UDPs (spam), if some other "unsavory" type makes even high security exit connection to just about ANY JavaScript or Flash-using site, inter alia, and they obviously have to to be using the internet for illicit purpose, they can "beat" agencies temporarily by appearing to be part of the low-tech-knowledge crowd via ENABLING scripts and flash like "most users"...but then they are exposed to hazards of using JavaScript or Flash at sites which can then help find them via analysis of their own "uniqueness": elements of their offense!

To be sure, the average Windows Club person doesn't engage in much that requires threat of discovery by law agencies via "uniqueness", and tech-savvy people like them are not who Tor wrote the advice for. I myself disable all scripts and set Tor security options to warn me of attack sites notwithstanding (note: I find you must tell Vidalia GUI that each time you start Tor...it indeed remembers nothing!). If I want a tech tut at YouTube, for example, I can temporarily allow that single video...to my awareness nobody is "staking out" my everyday internet spots. My "anonymity" is a byproduct of wanting tight protection against malware scripting.

But if I were merely behind a national firewall of free thought generally, though not really "illicit" I too would want to avoid "uniqueness" in watching that same dull tech tut. To avoid end-to-end discovery I too would then have to deal with state-of-the-art DPI and other analyzers via turning off scripts generally...like most modern non-tech users; and I'd still have a great Tor warning system re attack sites plus my own trusted antiviral program...and Microsoft [COLOR=#215AC3 !important][COLOR=#215AC3 !important]malware [COLOR=#215AC3 !important]removal[/COLOR][/COLOR][/COLOR] tools since I'm a windows fan.


Did anyone else read this as, TOR isn;t really protecting you from prying eyes while surfing illicit sites? Then there's the whole VPN then TOR, or TOR then VPN debates....... Jeeebus.


I feel like Steve Buscemi in Armegeddon, when they're about to take off and he says "Oh Boy! Are we staying, are we going, are we staying?!?!?!?"

I just recieved my first order from silk road. just a couple grams of hash. came down with no problems.
i used tor thinking that was me completley anonymous.

@ClaytonBigsby

I had a chance to play around a little bit and this post is being posted from a computer with no physical hard drive running the Tails OS from a USB stick.

The installed firefox is a litlle insecure but can be hardened by a swap out of jondo fox

still testing, more to comr..

regards,

NO hd!??!?! I have a laptop that got the BSOD. Let me know how it works, maybe I can do the same with it. Do you think the processor has any identifying info on it?

ClaytonBigsby said:

NO hd!??!?! I have a laptop that got the BSOD. Let me know how it works, maybe I can do the same with it. Do you think the processor has any identifying info on it?

Click to expand...

Actually it works surprisingly welomputer l, I have tested Tails and now JonDo Live-CD and they both are really well set up systems based on Debian GNU/Linux (the best OS in the world, I was a long time Debian administrator )

Both systems were surprisingly fast booting in about 15 seconds using a 16GB USB 3.0 stick, the host computer is a Lenovo i5-2520 CPU @ 2.50GHz 4GB Ram. The pre-configured browser was very strict on the JonDo and surprisingly configured incorrectly for anonymity (JavaScript enabled by default on the Mozilla browser)

Both systems work well and have a full workable desktop (text editor, abiword, pidgin (messenger)) that can be mastered in no time even for Linux newbies.

It's been some time since I required a portable solution, in a pinch I would choose either OS loaded onto a USB stick and I think your pretty well protected from being tracked, if your seeking for more nefarious means a n end to end encrypted VPN with a reputable vendor known not to cooperate with law enforcement.

If you want to stay somewhat private and have no time, experience, with this type of stuff you can simply download the JonDo Firefox profile which is a very secure profile adding add/script locking, disabled cookies, etc.. I tried both the profile and the beta browser and they work very well for anonymous surfing but there's lots of hoops to jum through when trying to authenticate TO ANYTHING, but this is expected and they thought of it as you can open your default profile in another window to do authenticated YOU browsing.

Don't throw away that laptop yet, grab a 1Gig USB stick (5G+ should be readily available) and take the systems for a run, if you need some assistance let me know!

Oh yeah, once I was back online using my own (non-anonymous) system I visited some of the test sites I previously visited while anonymous and YOZZZZERS; I sure am letting the cat out of the bag.

regards,