/All/
|
index
catalog
recent
update
post
|
/math/
/tech/
/misc/
/free/
/meta/
/test/
|
Guide
light
mod
Log
P6384
Why most people shouldn't use Tor
Wed 2022-08-17 15:40:42
link
reply
Tor was designed to protect high risk individuals like journalists and whistleblowers and Tor bandwidth isn't unlimited. By using Tor, you're stripping entry and usage nodes of their resources and bandwidth thus harming high risk people. Tor is for journalists and whistleblowers, not regular users.
Most people should use a VPN for privacy since they are not high risk and you know who you're trusting with your data, and since VPNs are paid for, you aren't robbing people of resources. By using Tor, you could be exposing your browsing history to strangers or even the NSA.
Tor is also more dangerous since the dark web is filled with CP, gore, markets (which are scams), red rooms (which are fake), etc.
Referenced by:
P6391
P6629
P6385
sage
Wed 2022-08-17 15:42:49
link
reply
This shitpost was brought to you today by NordVPN
https://nordvpn.com/
Referenced by:
P6386
P6389
Wed 2022-08-17 15:54:24
link
reply
>reeeeeeeeeeeeeeeeeeeeee YOUR BANDWIDTH IS RAPING MEEEEEEEEEEEEEEEEE!
You are a
N N I GGG GGG EEEEE RRR |
NN N I G G E R R |
N N N I G GGG G GGG EEEE RRRR |
N NN I G G G G E R R
N N I GGG GGG EEEEE R R O
P6392
SAGE
Wed 2022-08-17 16:24:24
link
reply
>journalists
fake news. there are no independent journalists. they are and always have been government agents, knowingly or not. in many cases, they are outright spies using it as a cover. (see yuri bezmenhov)
>whistleblowers
leftist trash who want more control over other people's lives, not less, just as long as it's their brand
P6402
Wed 2022-08-17 20:31:37
link
reply
2d5be02319908bc7735345f04595458a2ac3fe1e1da56b87c9f2ec8279716303.jpg
182 KiB 600x800
Fuck it, I'll bite
[spoiler:
because I have absolutely nothing better to do.
]
>Tor was designed to protect high risk individuals like journalists and whistleblowers
The point of an anonymity network is to be anonymous. The less kinds of people there are on an anonymity network, the less effective it is as one. The reasons for this are intuitive: if only journalists and whistleblowers are using the Tor network, you know that any connection coming from Tor is going to be from a journalist or whistleblower. Journalists and whistleblowers make up a relatively small minority of the general populace, and with a smaller anonymity set to cover, adversaries have less possible suspects (meaning, there is less work to identify you). This is, in my opinion, the sole reason why Tor > I2P (for now).
>and Tor bandwidth isn't unlimited.
Eh, it works enough for us to download videos through Invidious 1MB/sec, so we aren't necessarily struggling to accomodate people here. Run some nodes if you want to improve it.
>By using Tor, you're stripping entry and usage nodes of their resources and bandwidth thus harming high risk people. Tor is for journalists and whistleblowers, not regular users.
Look up.
>Most people should use a VPN for privacy since they are not high risk and you know who you're trusting with your data,
There are a number of reasons why VPNs fall WAY short of Tor as a privacy solution:
1. Single point of failure (or worse!): Mentioning this when discussing VPNs VS Tor is a cliché at this point, but I'll talk about it anyway. A VPN company has access (in some way or another) to all records of your usgae of them.
>inb4 no-logging audit
They can stop logging for the period of the audit, and even if they truly didn't log, that does not preclude real-time tracking. The design of Tor is meant to protect you EVEN IF someone is logging, as no one point is enough to know both who you are and what you're connecting to. But, there is something wrong with calling VPNs a single point of failure, because oftentimes, it's actually even worse:
1.1. Traffic confirmation: With Tor, when someone monitors both your connections from your ISP and connections to the website that you're visiting, they'll see a Tor guard node and a random Tor exit node (not enough to instantly associate the connections, but can be increasingly dangerous the more this happens). With a VPN, they see THE EXACT SAME IP.
1.2. Multiple (non-redundant) points of failure: Most VPN companies rent a good portion of their servers (including the beloved Mullvad), meaning more parties can log your traffic than you think. (only one I know of that doesn't is VyprVPN)
>and since VPNs are paid for, you aren't robbing people of resources.
2. There is no "VPN browser:" When you're using a VPN, there's no clear way to blend in with a large enough portion of the userbase
[spoiler:
unless you think using Jewgle Chrome is an option for privacy
]
, so any fingerprint that your browser has can become associated with whatever you do with it over time.
3. Lack of stream isolation: This is an underrated feature of Tor that I don't think gets brought up enough. Any website that you visit over Tor, a different exit node is automatically selected for it. This (in combination with the fact that Tor browser isolates cookies) means that even if two (clearnet) websites that you visit simultaneously are controlled by the same person, they can't directly associate the visits, unlike VPNs, where they see the same IP address visiting both sites.
>Resources that people volunteer is being robbed from them.
>By using Tor, you could be exposing your browsing history to strangers or even the NSA.
First off, only exit nodes can see your browsing history, and that's only when you're connected to clearnet sites (they're irrelevant on onionsites, as you're never EXITing the Tor network with those). Second, this literally doesn't matter because they can't associate the traffic with you, it's mixed in with the noise of potentially millions of other people who use Tor (especially when you're connected through HTTPS, then they can't see the specific page or the traffic that you're sending to a given site).
>Tor is also more dangerous
Hardly.
>since the dark web is filled with CP,
Not enough of it. ;)
>gore,
Lrn2perspective. This shit is all over the clearnet too.
>markets (which are scams), red rooms (which are fake), etc.
A fool and his money are soon parted. What more should Tor do to protect people from their own retardation?
Referenced by:
P6413
P8215
P10670
P6410
Thu 2022-08-18 01:03:55
link
reply
>the sole reason why Tor > I2P
yea if you are on i2p there is a 98.7% chance you are russian
>the dark web is filled with CP, gore, markets (which are scams)
you didnt even need to reply to this because the clearnet is even more so idk what was the point being made here, too obvious bait tbh
Referenced by:
P6424
P6413
Thu 2022-08-18 02:55:13
link
reply
P6402
What do you think about selfhosted vpns?
Referenced by:
P6424
P6424
Thu 2022-08-18 05:11:37
link
reply
edc6797cbae97b2b3fe8413c209239320d893025c05c98374938bfe8c0a9d93a.jpg
469 KiB 980x886
P6410
>you didnt even need to reply to this because the clearnet is even more
To be fair, CP sharing communities and especially DNMs are some of the most active onionsites. Even boy-only CP boards make the entire Nanosphere combined look like a ghost town.
[spoiler:
Of course, this is only something I've heard, I haven't actually been to said places, kind strangers from the LEAs.
]
This has nothing to do with the safety of simply using Tor, however.
P6413
>selfhosted vpns
IMO it doesn't really make much of a difference. To start with:
1. It doesn't fix point 1 because the ISP that your selfhosted VPN is using can still log connections in and out.
1.1. It doesn't fix point 1.1 because the same IP address can be seen from both sides.
1.2. It only fixes point 1.2 if you're the only one with access (physical or remote) to the server.
2. It arguably makes point 2 even worse, because there is NO userbase besides yourself (or whoever you let use it). So, even if there were a common enough browser configuration that was good for nanonymity, you'd still be fingerprintable by the fact that you're one of only few people who ever browses through this VPN.
3. It doesn't fix point 3 because there's still no stream isolation, two websites that you visit simultaneously see the same IP address.
Supposedly, before Tor, the U.S. Intelligence Community once used a system where they started front companies (which they'd create encrypted connections to) for research on persons of interest (so, sort of like their own elaborate self-hosted VPN). Ironically, the spies had so many basic OPSEC fails (like being logged into Facebook while they do their "anonymous" searches) that they had to create way more of these than they needed to (wasting gorillions of taxpayer dollars):
> ... as intelligence increasing became "cyberintelligence" (a term used to distinguish it from the old phone-and-fax forms of off-line SIGINT),
[bold:
old concerns also had to be updated to the new medium of the Internet. For example: how to research a target while remaining anonymous online.
]
>This issue would typically emerge when a CO would search the name of a person from a country like Iran or China in the agency's databases and come up empty-handed. For casual searches of prospective targets like these, No Results was actually a fairly common outcome: the CIA's databases were mostly filled with people already of interest to the agency, or citizens of friendly countries whose records were easily available.
[bold:
When faced with No Results, a CO would have to do the same thing you do when you want to look someone up: they'd turn to the public Internet. This was risky.
]
>[1 paragraph redacted to save time because I'm manually typing this shit out lol]
>It may be hard to believe, but the agency at the time had no good answer for what a case officer should do in this situation, beyond weakly recommending that they ask CIA headquarters to take over the search on their behalf.
[bold:
Formally, the way this ridiculous procedure was supposed to work was that someone back in McLean would go online from a specific computer terminal and use what was called a "nonattributable research system." This was set up to proxy
]
-that is, fake the origin of-a query before sending it to Google.
[bold:
If anyone tried to look into who had run that particular search, all they would find would be an anodyne business
]
located somewhere in America-one of the myriad fake executive-headhunter or personnel-services companies
[bold:
the CIA used as cover.
]
>I can't say that anyone ever definitively explained to me why the agency liked to use "job search" businesses as a front; presumably they were the only companies that might plausibly look up a nuclear engineer in Pakistan one day and a retired Polish general the next.
[bold:
I can say with absolute certainty, however, that the process was ineffective, onerous, and expensive.
]
To create just one of these covers, the agency had to invent the purpose and name of a company, secure a credible physical address somewhere in America, register a credible URL, put up a credible website, and then rent servers in the company's name. Furthermore, the agency had to create an encrypted connection from those servers that allowed it to communicate with the CIA network without anyone noticing the connection.
[bold:
Here's the kicker: After all of that effort and money was expended just to let us anonymously Google a name, whatever front business was being used as a proxy would immediately be burned-by which I mean its connection to the CIA would be revealed to our adversaries-the moment some analyst decided to take a break from their research to log in to their personal Facebook account on that same computer.
]
Since few of the people at headquarters were undercover, that Facebook account would often openly declare, "I work at the CIA," or just as tellingly, "I work at the State Department, but in McLean."
>Go ahead and laugh. Back then, it happened all the time.
>During my stint in Geneva, whenever a CO would ask me if there was a safer, faster, and all-around more efficent way to do this, I introduced them to Tor.
(The above was an excerpt from Permanent Record by Edward Snowden. It's available on LibGen and there's a little bit more explanation as to why he recommended Tor (what I quoted starts at page 153):
https://libgen.rs/book/index.php?md5=A5BDA164BB2B8419C57E57012A2F7F82
)
Referenced by:
P6428
P6468
P7513
P8215
P6428
Thu 2022-08-18 07:39:04
link
reply
P6424
How do I accept my homosexuality? I'm deeply repressed.
Referenced by:
P6431
P6445
Thu 2022-08-18 14:21:12
link
reply
My dad is a security researcher and he recommends NordVPN for security. He says that Tor is insecure. You guys aren't security researchers so I refuse to listen to anything you say.
Referenced by:
P6453
P6468
P6481
P6468
Thu 2022-08-18 20:51:24
link
reply
c5529fa80f97b5ad3a754f7fb106ea68ca8f9619647e81176ee620bee169f230.jpg
693 KiB 1200x800
P6445
Sir. I have encouraged people to check the source I linked.
P6424
>(The above was an excerpt from Permanent Record by Edward Snowden. It's available on LibGen and there's a little bit more explanation as to why he recommended Tor (what I quoted starts at page 153):
https://libgen.rs/book/index.php?md5=A5BDA164BB2B8419C57E57012A2F7F82
)
Snowden has worked in cybersecurity for the U.S. National Security Agency before, so if you don't want to listen to me, listen to what he said, sir. Also, the credentials fallacy is not a valid argument, sir. If your security researcher dad has an issue with what I've said, get him to come in here and explain on what points I'm wrong, sir. I may not be an expert, sir, but I would like to learn about any gaps in my knowledge, sir. If you have no direct argument against what I've said, then I will assume you are trolling, sir. Sir.
P6471
Thu 2022-08-18 21:14:38
link
reply
TOR is just for child rapers, terrorists, and criminals who use 2D-girl pics without their creator's approval like the admin here. We must kill all TOR users ASAP.
Referenced by:
P6491
P6472
Thu 2022-08-18 21:21:05
link
reply
>Don't use tor because it protects high risk people
>Don't use tor because it doesn't protect you and actually sends your browsing history to the nsa.
P6481
Fri 2022-08-19 00:36:03
link
reply
P6445
[spoiler:
spoiler?
]
P6484
Fri 2022-08-19 01:03:18
link
reply
6623ef4dd266241e38be4eea18bc1d1634916ea5206c1e8424c10d0a9cf61fac.png
73.1 KiB 559x448 (retard wojak)
I'd just like to interject for a moment. What you're referring to as Tor, is in fact, GNU/Tor, or as I've recently taken to calling it, GNU plus Tor. Tor is not a VPN unto itself, but rather another free component of a fully functioning GNU network made useful by the GNU servers, encryption, and vital network components comprising a full VPN service as defined by POSIX.
Referenced by:
P6519
P6491
Fri 2022-08-19 02:46:20
link
reply
fc8aabba1b37685ec532d9c2af8f070e77cf01566d18ab3d94de94a2ef88fe20.jpg
29.7 KiB 717x666
P6471
>TOR
*Tor, nigger.
>TOR is just for child rapers, terrorists, and criminals who use 2D-girl pics without their creator's approval like the admin here.
Sounds pretty based to me
[spoiler:
assuming by child "rape" you mean consensual sex.
]
Referenced by:
P6519
P6529
P6605
P6519
Fri 2022-08-19 15:02:00
link
reply
P6484
P6491
>the naming of the software matters
yeah whatever nigger
P6529
sage
Fri 2022-08-19 19:39:18
link
reply
P6491
Children can't consent, though.
P6605
Sat 2022-08-20 20:03:42
link
reply
P6491
TOR was original name
Referenced by:
P6617
P6607
Sat 2022-08-20 20:20:13
link
reply
[bold:
T
]
he
[bold:
O
]
nion
[bold:
R
]
outer
Referenced by:
P6617
P6617
Sat 2022-08-20 21:16:38
link
reply
a7d111d97710e444e5b2a999447a1bd6976721675a4f0a2c8b15afbfd2dceb58.jpg
98.3 KiB 753x586
P6605
P6607
It's Tor, the onion routing.
http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/about/index.html#why-is-it-called-tor
http://tv54samlti22655ohq3oaswm64cwf7ulp6wzkjcvdla2hagqcu7uokid.onion/posts/2021-02-22-tor-spelling/
P6626
Sat 2022-08-20 21:41:26
link
reply
[bold:
T
]
he
[bold:
O
]
nion
[bold:
R
]
outer
It's T.O.R.
Not TOR, not tor, T.O.R. It's an acronym. Remember the periods.
[bold:
T.O.R.
]
Referenced by:
P6669
P6629
Sat 2022-08-20 22:22:40
link
reply
a370697a0af7ea59049feaf7a250b78aef57c14b90f4f8e565984c8b643b4991.jpg
9.36 KiB 193x261
>>
P6384
You can't just take a shit in the middle of a TOR based IB like that and not propose any alternatives.
I'm just going to say it, i2p is superior anyway; it just takes time to get running and it can be a bitch to configure sometimes.
We should be basing everything in i2P, ideally all programs and websites should be compatible with both the eepsite and .onion schemes with an easy way to direct them either to a dedicated tor or i2p standalone router with a boot to ram OS (which is not currently possible on raspberry pis), but I'm personally not prepared for that move yet.
>Eh, it works enough for us to download videos through Invidious 1MB/sec, so we aren't necessarily struggling to accomodate people here. Run some nodes if you want to improve it.
Imagine not downloading all your porn and media through a mixer router. Kek.
>Ironically, the spies had so many basic OPSEC fails (like being logged into Facebook while they do their "anonymous" searches) that they had to create way more of these than they needed to (wasting gorillions of taxpayer dollars):
Doesn't surprise me. A certain percentage of NSA agents use your collected nudes and info as their version of tinder/grindr and contact their surveillance targets on the side.
Referenced by:
P6669
P6631
Sat 2022-08-20 22:43:13
link
reply
eb59735bb914027aa9fdda3742fcce3d6b4ce197940f45d4fb9c85d1331dc265.gif
1.90 MiB 487x371x1.32s
the final redpill is that, in the end, it's every tranny for xirself, and so you just have to leverage any identity group that will accept you in order to amass personal power and fuck over anyone who gets in your way, even if they helped you get to where you are now.
everything, and i mean literally *everything* else presented as (((based))) is a psyop orchestrated by someone else.
"there's a sucker on one side of every deal. if you don't know who it is, then it's you."
-mark cuban
P6636
Sat 2022-08-20 23:11:47
link
reply
698067b3fae54c38229910aaa42db80dd1a6a2c6df808d27c5a0e224bad36231.jpg
12.6 KiB 219x230
>the final redpill is that, in the end, it's every tranny for xirself, and so you just have to leverage any identity group that will accept you in order to amass personal power and fuck over anyone who gets in your way, even if they helped you get to where you are now.
You mean unless your goal is modifying the system and you have the skills and insight to transform their operations, forcing all the parties in the system to modify themselves without your direct leadership?
It would be nice to have a group because I'm lonely and broke, but that would attribute all the things I'm doing to them in the eyes of the other parties that are able correlate my activity to changes in the world that they may or may not like.
Referenced by:
P6637
P6637
Sat 2022-08-20 23:19:31
link
reply
d9fae500fb07db0619c56762add64a567014f1afbbd93aabecd4c7c5ca4bb8c5.jpg
11.1 KiB 319x158
>>
P6636
I regularly talk shit about the people I like just to throw people off their trail, occassionally I find out they had a freak out about it and I feel so guilty, but can't say anything.
I wonder if it's even necessary anymore though.
The thing about me joining a group is that inadvertently that would come off as approval of everything the group did. So if I wasn't in charge of it with control over the members, they could get away with quite a lot and other groups familiar with me would be averse to making a move against them, even if what they were doing was something I opposed as well.
It's all kind of complicated. My main concern right now is just having enough money to do stuff and not being interrogated and dragged off to a blacksite everywhere I go or tricked into being blackmailed (which is mostly useless against me) or becoming dependent.
P6638
Sat 2022-08-20 23:38:10
link
reply
c956492ba8046b875cfe2b8a39f793c7521faa3694b806c073a3e47a6186c9af.jpg
10.7 KiB 225x225
I think realistically, I could get people to put money into a trust fund for me in exchange for access to me so they can try to get a heads up on things, but that's only possible if I can deny access, which I can by just creating a new layer of abstraction and various cognitive blocks for those that interact with me.
The surveillance kind of concerns me because maintaining my appearance isn't 100% consistent. One of the surveilors saw my underlying facial configuration and reacted and colors keep escaping. I know that their cognitive errors should just aggregate the conceptions of appearance and take the median as the mental model and they won't think anything of it. Even if they line all the pictures up side by side, the cognitive block should just force them to see them as the same person. If they ever find a person with no exposure and show them individual pictures and ask them if that's the same person I could end up as anomaly #1.
So that's the danger of giving consistent access.
P6639
Sun 2022-08-21 00:23:21
link
reply
ad9111935f7d2f3d92735716ee6f27aedff41be490eb606dcaf6db802c72d2f5.jpg
16.2 KiB 275x183
Come to think of it, the one that did it first would have a major advantage by being able to appoint the account manager that approves fund dispersal.
If others added to that fund, the same manager would have control.
Having multiple ones would prevent denial of funds by any given manager and force them to compete, but I'm probably not going to go out of my way to get multiple ones because I'm lazy like that.
The best thing about trust funds is that under normal circumstances a lawsuit can't access the funds, they can be done anonymously, and at the same time it gives me an incentive to not end up in prison or blacksite.
P6669
Sun 2022-08-21 05:26:05
link
reply
3c7bed7b71b8bb5c03e0a215e8cc8343c5f2a6864d0fdb0d1f5abab9b954e162.jpg
116 KiB 800x1000
P6626
The Tor Project themselves say otherwise, and they rule over us so they're right:
http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/about/index.html#why-is-it-called-tor
P6629
>You can't just take a shit in the middle of a TOR based IB like that and not propose any alternatives.
[spoiler:
Well yeah, it's obvious bait. I only responded here because I had nothing better to do.
]
>A certain percentage of NSA agents use your collected nudes and info as their version of tinder/grindr and contact their surveillance targets on the side.
Funni if true.
Referenced by:
P6700
P6700
Sun 2022-08-21 16:35:39
link
reply
6d26339e459ab08981a61a3baca1ef583f685f060ff2ee655a2793766f8db1ca.png
269 KiB 450x488
P6669
All heil the Torah overlords!
P6723
Mon 2022-08-22 02:13:44
link
reply
Since this is a tor thread, I'll ask here. How truly compromising is enabling javascript for certain websites? Like what are the consequences for enabling javascript on
https://mootxi.co
or something like that as opposed to enabling it on some fagman or equivalent site. What are the consequences (to privacy, anonymity etc) for allowing javascript on some websites and not others? Also with NoScript, for your "default" settings do you enable anything else besides frame, noscript, and other? And do you check "Override Tor Browser's Security Level preset"? Also isn't css another thing they can fingerprint you with?
I'm a noob, so sorry if these are obvious
Referenced by:
P6738
P6794
P6738
Mon 2022-08-22 13:27:49
link
reply
516b6cb004af3086c9833725caaa5b5564f33b3a2d0f95d17710178706b508fe.jpg
11.0 KiB 225x225
>>
P6723
NoScript historically has been unreliable with exploits that enabled javascript and I have personally seen that happen. Noscript is for normies to avoid tracking and fingerprinting scripts, not to stop hackers from infiltrating a system.
On the darkweb, everyone has javascript disabled, but everyone still gets hacked at least a few times (which is why OpSec practices like booting to ram, a dedicated internet connection, stripping out bluetooth and wifi from a computer, and periodically wiping and reinstalling or flashing router OS and firmware is so important).
What you want to do is enable Noscript to max security AND disable javascript in the browser using the about:config > java = disabled route.
Ideally the browser would be limited to HTML and not have javascript plugins at all.
To answer the actual question, I think Javascript should be seen as a threat because of fingerprinting and because it can run malicious scripts that compromise other elements of the machine. Javascript is just the starting point of some sophisticated infiltration, a place to upload something malicious and have it run on an open program.
Referenced by:
P6746
P6794
P6805
P6746
Mon 2022-08-22 15:12:36
link
reply
P6738
>On the darkweb everyone still gets hacked at least a few times
sounds like fud tbh
Referenced by:
P6751
P6794
P6819
P6751
Mon 2022-08-22 16:17:23
link
reply
16965e9c4d3573e2a6bc64f10da00f839a228319634a1616072aecc6680da57c.jpg
5.15 KiB 207x243
>>
P6746
But it's true. Especially on certain sites that are used as training grounds for hackers like the darkweb chats.
The thing is, at least in the Western world, the chips are compromised because law enforcement and intelligence insists on it. It's not actually necessary to do something like run a suspicous file to get hacked. And the automation of so many exploits and groups specializing in every program, every OS, and every device, basically, means you're going to get hacked.
For the time being, while hardware is compromised, we can only focus on mitigating intrusions and the damage they can do with things like software hardening, physical isolation of personal information, and boot to ram schemes to keep systems free of persisting RATs.
P6794
Tue 2022-08-23 04:00:01
link
reply
0b0a239bc064043a7e37aa128720c8ebac962a37a6f413089b51c0511750ad4b.jpg
161 KiB 589x800
P6723
>How truly compromising is enabling javascript for certain websites? Like what are the consequences for enabling javascript on
https://mootxi.co
or something like that as opposed to enabling it on some fagman or equivalent site. What are the consequences (to privacy, anonymity etc) for allowing javascript on some websites and not others?
It depends. Since darknet markets and CP sharing communities are the most targeted by law enforcement, they are naturally going to be the most likely to compromise you if you visit them with JavaScript enabled. It's possible that RCE exploits could be used to deanonymize you. Meanwhile, if you're doing shit that isn't likely to get you targeted by law enforcement, like watching cooking tutorials or some autistic Minecraft video, only untargeted (mass) surveillance is a concern. Fingerprinting could be done by AI profiling your keystrokes (which are presumably as unique as handwriting) and/or mouse movements (the latter of which can be done with CSS too, but isn't as practical or effective):
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Surfing_Posting_Blogging#Keystroke_Fingerprinting
>Also with NoScript, for your "default" settings do you enable anything else besides frame, noscript, and other? And do you check "Override Tor Browser's Security Level preset"?
I personally don't fuck with it. As
P6738
mentioned, NoScript has proven unreliable for blocking JavaScript exploits on some occasions. There have been
[bold:
at least 3
]
vulnerabilities in which JavaScript could run when it shouldn't have been able to:
https://techreport.com/news/28570/noscript-vulnerability-allows-malicious-scripts-to-run-unchecked/
(2015)
https://www.securityweek.com/zerodium-discloses-flaw-allows-code-execution-tor-browser
(2018)
https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-javascript-on-sites-it-shouldnt/
(2020)
And, also as mentioned by
P6738
, if you really want to protect against JabbaShit, you should go into about:config and set the value of javascript.enabled to false. While you're at it, I'd also recommend disabling the PDF reader in Tor Browser by setting the value of pdfjs.disabled to true.
>Also isn't css another thing they can fingerprint you with?
Yes, but to a much lesser extent. Besides mouse fingerprinting mentioned above, it can also fingerprint you based on your window size (which is why Tor Browser does letterboxing):
http://tv54samlti22655ohq3oaswm64cwf7ulp6wzkjcvdla2hagqcu7uokid.onion/posts/2016-09-04-how-css-alone-can-help-track-you/
P6746
It isn't necessarily impossible, seeing as traffic confirmation attacks, website fingerprinting attacks (
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Fingerprint#Website_Traffic_Fingerprinting
) and exploits that could be done with only HTML+CSS (
https://security.stackexchange.com/questions/123733/browser-exploits-based-purely-on-html-css
) have existed and could compromise people in theory. Thing is, we haven't really heard of Tor users being compromised by those (alone?) in practice, so whether they're FUD or serious threats remains in question.
Referenced by:
P6805
P6806
P7512
P57315
P6797
Tue 2022-08-23 05:30:37
link
reply
e1a1b6438321d1a7e969e65c23635807b063523ded95ae2f0ee489629b75ec00.jpg
6.55 KiB 300x168
>While you're at it, I'd also recommend disabling the PDF reader in Tor Browser by setting the value of pdfjs.disabled to true.
I didn't know to do this. I'll add it to my startup hardening list. A hardening list is never too big.
Referenced by:
P6817
P6805
Tue 2022-08-23 07:32:38
link
reply
959833b88fb5d3c7c790f8b6a8b534ec9f3e95aa48efef2d8b863269d0a9357a.png
1.42 MiB 1280x1024
P6738
P6794
Thanks for the advice. I've set javascript.enabled to false and also set pdfjs.disabled to true. (good post as always uekeeeeeeeeeeeeeeee). But still it's fucking annoying making mistakes, lucky for me I've done nothing "wrong" yet.
Referenced by:
P6817
P6806
Tue 2022-08-23 07:52:37
link
reply
P6794
>I personally don't fuck with it.
Btw do you still have it enabled and installed? Because wouldn't deleting it/disabling it affect anonymity?
Referenced by:
P6817
P6817
Tue 2022-08-23 11:40:50
link
reply
9919b606f4bc8e42a480b07cb930caa7ffbcad721bc477ec7fa9d9fc9ca50fe3.jpg
332 KiB 816x612
P6797
>I didn't know to do this.
Right, it isn't the
[bold:
most
]
important setting to change (seeing as PDFs aren't quite as ubiquitous as websites that use JabbaShit) but it's still a good idea, seeing as PDFs themselves can contain JabbaShit code, you'll want clicking on a link to one of them to give you the option to download them instead of automatically opening them in your browser (that's what changing this setting does). If you ever do need to open them, the best practice is to use an airgapped system, or anything you can ensure will be offline.
>A hardening list is never too big.
Indeed.
P6805
>(good post as always uekeeeeeeeeeeeeeeee).
*headpats in gratitude for le compliment*
>lucky for me I've done nothing "wrong" yet.
;)
P6806
>Btw do you still have it enabled and installed? Because wouldn't deleting it/disabling it affect anonymity?
Yes, by what you quoted I meant that I didn't do anything with it one way or the other, I leave it as it is. My routine is as follows:
1. Set Tor Browser Security Level to "Safest."
2. Go to about:config.
3. Set the value of javascript.enabled to "false" and pdfjs.disabled to "true."
Otherwise I don't edit any settings (or add/remove anything) at all.
[spoiler:
Except when I have to disable CSS for specific webpages because of some websites making it harder for non-JavaScript users to view their content.
]
P6819
Tue 2022-08-23 12:16:33
link
reply
P6746
Indeed it is.
P6862
Tue 2022-08-23 18:45:49
link
reply
For those who don't want to use Tor here is the safest way to browse:
1. Use Google Chrome (Microsoft Edge if you're on Windows)
2. Do not install any extensions
3. Do not change any settings
Everyone should stick to the default config so that everyone is uniform and thus harder to track. Changing even one thing like your search engine or disabling telemetry will make you stand out thus worsening privacy.
[spoiler:
this is stupid isn't it. Literally use LibreWolf or anything else besides Chrome if you don't want to use Tor.
]
Referenced by:
P6877
P6877
Tue 2022-08-23 22:41:16
link
reply
66c40f89073bec18c5b84ba03bc7bcd480465fdefb2a4f2948a1f85d2e740b46.gif
2.12 MiB 498x272x4.80s
P6862
For those who don't want to use Tor here is the safest way to browse:
1. Don't browse.
P7513
Sun 2022-08-28 05:03:01
link
reply
b089434ff7a8b18cc0d41fbfea9ffe1c2d0ba60e9ae3c72403b19ac21f38bb81.jpg
53.3 KiB 569x643
P6424
I agree with all your points. But as far as vpns go, a selfhosted one is the best.
1.2. It only fixes point 1.2 if you're the only one with access (physical or remote) to the server.
You can make it so Openvpn doesn't log at all but that doesn't mean that the server owners won't log it.
>2. It arguably makes point 2 even worse, because there is NO userbase besides yourself (or whoever you let use it). So, even if there were a common enough browser configuration that was good for nanonymity, you'd still be fingerprintable by the fact that you're one of only few people who ever browses through this VPN.
I alternate between a couple vps providers, regularly delete accounts, delete a server if it is older than 3 days. Openvpn takes like 2 mins to set up. I don't really use the clear net that much. Also use mullvad sporadically. My opsec is very low threat so of course this stuff would mean nothing if someone wanted to know, but no one will piece this all together. And I alternate between Monero and my Grandmas credit card to pay for it lol. I spoof my mullvad data.
Referenced by:
P7677
P7677
Mon 2022-08-29 04:15:46
link
reply
f2f082cb45a0a22f08e555dcedb6af0a1a015f40253fee3fef312c61f095224c.jpg
147 KiB 850x1182
P7513
>I alternate between a couple vps providers, regularly delete accounts, delete a server if it is older than 3 days. Openvpn takes like 2 mins to set up. I don't really use the clear net that much. Also use mullvad sporadically.
Ah, so you're compartmentalizing different self-hosted (-Mullvad) VPNs. That's slightly different from what I had imagined. Still, activities from each still become linked over time (but not with each other), so it would be essential to not mix anonymity modes (shouldn't be done anyway, but especially in this context:
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/DoNot#Mix_Anonymity_Modes
, replace "Tor" with "anonymity solution.")
>My opsec is very low threat so of course this stuff would mean nothing if someone wanted to know, but no one will piece this all together.
I guess not if you aren't known to be doing anything (((the owners))) don't like.
>And I alternate between Monero and my Grandmas credit card to pay for it lol.
Lol.
>as far as vpns go, a selfhosted one is the best.
I'm still not so sure when you're using the word "one," but later describing a semi-elaborate system utilizing multiple of them. If you were using only one, point 2 would still stand.
Nym ? Tor > I2P > Compartmentalized self-hosted VPNs > Commercial VPN(s) > Single self-hosted VPN
Referenced by:
P7680
P7680
Mon 2022-08-29 05:24:55
link
reply
f4cd2953f904dd0995b07caac3c8ee4846f16adc5ded23f54eedbd55fdeddd12.jpg
81.0 KiB 637x898
P7677
>Ah, so you're compartmentalizing different self-hosted (-Mullvad) VPNs. That's slightly different from what I had imagined. Still, activities from each still become linked over time (but not with each other), so it would be essential to not mix anonymity modes (shouldn't be done anyway, but especially in this context
I just read what you had written and agreed with it but wanted to share my method which mitigates or tries to address the various limitations that relying on a vpn produces (which you listed).
>I guess not if you aren't known to be doing anything (((the owners))) don't like.
Exactly, honestly my way of thinking (am just a pleb, no one cares, by taking any measures at all I'm effectively completely dodging all mass ubiquitous default surveillance...like implicit automatic datamining...not really sure how to describe it. I think you get it) thinking like that isn't good, rather i should act as if bad actors ARE explicitly trying to spy on me.
>I'm still not so sure when you're using the word "one," but later describing a semi-elaborate system utilizing multiple of them. If you were using only one, point 2 would still stand.
Yeah I should have clarified better. I am not using one, I'm utilizing multiple VPNs, with multiple VPS, running and deleting multiple servers. This is my method.
>Have multiple VPS services aka an account with 1984, Digital Ocean, Vultr, *****, *****, etc
>Alternate between these VPS services and deploy a new server (always in a random country that I haven't done before) and setup Openvpn with no logs
>So for two days I will use Openvpn with 1984, delete the server and switch to my digital ocean account.
>it takes 2 mins to setup Openvpn, I also use Wireguard sometimes but Openvpn I'm more familiar with
>If one of my VPS runs out of money I delete it.
>pay with Monero and different family members credit cards.
>don't use these vpns while signing into anything explicitly linked to me, finances etc
>Sometimes use mullvad which I share with lots of people.
umm hmm I forget. I think that's the extent of it. But I've been meaning to ask, you can use things like gallery-dl and yt-dlp through tor right? That's kinda the reason I do all this but it kinda feels like it's an ocd compulsion that makes me do it. I just want to make it harder for them. Ohh I remember, I was going to try and write out what this method would exactly achieve but if you feel like doing it, you would probably be better able to accurately discern it's benefits and or limitations.
>Tor > I2P > Compartmentalized self-hosted VPNs > Commercial VPN(s) > Single self-hosted VPN
yep. I haven't really done any research on I2P, what makes tor better?
Referenced by:
P7717
P7717
Mon 2022-08-29 14:57:16
link
reply
60737d9fc630f6c76e48164f4a3719e8c563dbe0beac78006d79b74ab65d1d61.jpg
90.6 KiB 560x800
[spoiler:
My apologies if I come across as a know-it-all by going into some questions you didn't ask here, I'm just enthusiastic about spreading nanonymity solutions as far as possible. It took me 2 hours to write my wave of replies because I get distracted a lot mid-writing lol.
]
P7680
>I just read what you had written and agreed with it but wanted to share my method which mitigates or tries to address the various limitations that relying on a vpn produces (which you listed).
>I am not using one, I'm utilizing multiple VPNs, with multiple VPS, running and deleting multiple servers. This is my method.
>Ohh I remember, I was going to try and write out what this method would exactly achieve but if you feel like doing it, you would probably be better able to accurately discern it's benefits and or limitations.
For what it's worth, it does have a few benefits over both a single self-hosted VPN solution and any commercial VPN solution:
1. There's one less party involved. Usually, commercial VPNs (except for VyprVPN AFAIK) rent a good deal of their servers from VPS providers themselves. In that scenario, the parties that know and may log the traffic coming in and out include (one never knows on the Internet who it's limited to, though):
a. Yourself (for your own traffic)
b. The commercial VPN provider
c. The provider
d. Their ISP
In your scenario, it's:
a. Yourself
b. The provider
c. Their ISP
2. Since you're alternating between multiple different VPS services, if one of them is compromised (or was logging traffic to begin with), they don't have access to the whole package, so to speak (but still to some of it). The fact that you delete and switch every few days could help too, to some degree.
3. You're not using anything explicitly linked to you when using the VPS services, which is good.
However:
1. There is no "VPN browser." Websites can still fingerprint you based on your browser setup.
2. Even if only some of your activity can be logged by any given service, it is still your activity. Now, if you chained different servers together, so that only one knew your IP address and only one knew the websites that you visit (neither of them knowing both unless they happen to be controlled by the same organization), that would dramatically improve the privacy of it, but even then, the following 2 points hold:
3. There is no stream isolation, the one that you chose to see the websites that you visit would see
[bold:
all
]
of the websites that you visit for the time that you use it.
4. In addition to stream isolation, Tor changes the circuits that you use (the path from guard, to middle, to exit node) over a period of time too. The guard node changes every 12 weeks (or every session if you use Tails). The logic behind this: If your guard node and the people who can monitor it are innocuous/out of an adversary's reach, then no adversary
[bold:
within
]
the Tor network is going to find your IP address for another 3 months, making them waste money to keep their nodes for that period. (This doesn't preclude an adversary finding out your IP address with browser exploits, however, which is why Tor users, especially high risk ones, are often advised to disable JavaScript) The middle and exit nodes change
[bold:
every 10 minutes.
]
This means that not only is an exit node unaware of who you are, but even if they could begin to distinguish one user from another, it won't mean much because one's time to see what websites you visit expires... basically after I finish fapping lol. And they'll usually be able to see one at a time because of the aforementioned stream isolation, so the chances are that the exit node will only see one random Tor user accessing one random website, and then they'll be swapped out for another exit node that will see the same.
[spoiler:
One exception to this is that a Tor circuit will sometimes be kept if you're downloading something that takes you longer than 10 minutes to download over Tor. After said download is complete, it will cycle out. Same thing with IRCs until you disconnect.
]
(
https://support.torproject.org/about/#change-paths
)
>But I've been meaning to ask, you can use things like gallery-dl and yt-dlp through tor right?
I've never used those, but I don't see why Tor would prevent it. In any case, a ton of non-JavaScript dependent, Tor-friendly frontends for various clearnet services have been developed besides the darknet-famous Invidious. These allow you to browse (some with more limitations than others) these websites with much of their original BS removed. Browse these over Tor (some even have onionsite instances if you're extra paranoid about exit nodes), and compartmentalize across instances, and your activity will be more or less completely private:
For YouTube - Invidious:
https://api.invidious.io
For Twitter - Nitter:
https://github.com/zedeus/nitter/wiki/Instances
For Instagram - Bibliogram:
https://git.sr.ht/~cadence/bibliogram-docs/tree/master/docs/Instances.md
For Reddit - Teddit or Libreddit:
https://codeberg.org/teddit/teddit
,
https://github.com/spikecodes/libreddit
For Google Translate, DeepL, ICIBA, Reverso - SimplyTranslate:
https://simple-web.org/projects/simplytranslate.html
For Imgur - Rimgo:
https://codeberg.org/video-prize-ranch/rimgo
For Odysee - Librarian: No instance list ATM that doesn't require JS for some reason, just go to
https://librarian.pussthecat.org/
or
https://lbry.bcow.xyz/
For TikTok - ProxiTok:
https://github.com/pablouser1/ProxiTok/wiki/Public-instances
For IMDB - Libremdb:
https://github.com/zyachel/libremdb
For Quora - Quetre:
https://github.com/zyachel/quetre
Found most of the above through
https://pussthecat.org
, but there's actually a few more sites and tricks I've learned about to fetch certain content with my no-JS Tor setup:
For PeerTube - SimpleerTube:
https://simple-web.org/projects/simpleertube.html
For XVideos - PornInvidious:
https://simple-web.org/projects/porninvidious.html
For Wikipedia - Wikiless:
https://codeberg.org/orenom/wikiless
[bold:
This one might be counterproductive for anonymity though, since most Wikipedia content (in my experience) can already be viewed over Tor without JS.
]
These aren't frontends for other services, but here are a few other websites I tend to find useful with my setup:
[bold:
AltCensored:
]
Has a huge archive of video content that has been censored from JewTube and co.:
https://www.altcensored.com/
[bold:
Library Genesis and Sci-Hub:
]
Keeps a huge collection of books and scientific articles to open paywalled academic content to the public:
https://libgen.rs
,
https://sci-hub.se
[bold:
Archive of Our Own:
]
The fanfiction website that puts the least hurdles in the way of Tor+noJS users (can only read tho):
https://archiveofourown.org/
[bold:
4everproxy and KProxy:
]
These are good when I just want to read an article or download from a website that blocks Tor (they can see your traffic, but not who you are):
https://4everproxy.com
,
https://kproxy.com
>yep. I haven't really done any research on I2P, what makes tor better?
Mainly just the fact that I2P's anonymity set is much smaller than Tor's. With Tor, you have
[bold:
well over 2,000,000 daily users
]
(
https://metrics.torproject.org/userstats-relay-country.html
) to blend in with, likely from more walks of life due to its relative ease of use. I2P, on the other hand, only has users in the tens of thousands.
Of course, better than all of this is using an airgapped system that never connects to the Internet. There are only a few ways that can ever go wrong.
Referenced by:
P7838
P7851
P7884
P8215
P7753
Mon 2022-08-29 16:03:27
link
reply
To all lambdaniggers, imagine if Tor and all other anonymizing networks except VPNs were eliminated. Would you rather use a VPN (and which VPN would you choose) or nothing at all (trust your ISP)?
Referenced by:
P7766
P7772
P7756
Mon 2022-08-29 16:10:16
link
reply
no vpn, thanks, it is a paid service that can be easily manipulated by police force.
next stop would be gopher, my dear fed.
P7766
Mon 2022-08-29 17:11:07
link
reply
P7753
>trusting your ISP
<ISP has access to all websites you visit and torrents you download
<ISP sells your activity and sends anti-piracy scareletters
>using VPN
<VPN has access to all websites you visit and torrents you download
<VPN shares your activity with your ISP
<ISP then sells your activity and sends anti-piracy scareletters
<both your VPN and ISP can see what you're doing online
Using a VPN is just throwing away your privacy. Use Tor or nothing at all. Mullvad is a honeypot.
P7725
>gopher
>no TLS
Literally soyware. You're better off just using standard HTTPS
Referenced by:
P7776
P7772
Mon 2022-08-29 17:50:58
link
reply
cb7270dca3c0bb9a91e5a173e7622e688634ab7d492e902052fa78597e8161f6.jpg
180 KiB 900x677
P7753
Nothing at all, without trusting my ISP. I'd stick only with the content I already have saved for my airgapped system. If I ever
[bold:
really
]
needed to get new content, I'd go to bum fuck Egypt to download as much as possible from a public WiFi hotspot, utilizing a live system with JavaScript disabled in the browser.
[spoiler:
Maybe I should do that now to torrent Sci-Hub's database so I don't have to do it if or when such a day ever comes.
]
P7776
Mon 2022-08-29 18:05:48
link
reply
P7766
If Mullvad did that they'd lose a lot of their users since they actually did research and instead of listening to Jewtubers.
>Uh I received a complaint from my ISP even though I was using Mullvad. I thought they were a no-logs VPN but apparently they sold my entire torrenting activity and browsing history to my ISP.
P7838
Tue 2022-08-30 02:56:53
link
reply
ea30adb664fc1409d48d8152cd86ac79f9d96bbf6f15ad296405cc33356c8d9f.jpg
159 KiB 738x1011
P7717
>My apologies if I come across as a know-it-all by going into some questions you didn't ask here, I'm just enthusiastic about spreading nanonymity solutions as far as possible. It took me 2 hours to write my wave of replies because I get distracted a lot mid-writing lol.
I wouldn't worry about that. Keep it up. It's definitely helping lot's of anons.Imo helping others is even more important than protecting you're own privacy/data. The main thing motivating me is to limit the amount of data they have on hand that allows them to socially engineer society to the degree to which they do, and also allows them to be as effective as they are at it. Because they already have EVERYTHING on me personally, but they will never get any more out of me. It's important to not fall into despair regarding that, because how can you go through life with such an utterly defeatist mindset? That you can't do anything, that they already have everything on you, that there are le backdoors that render any effort completely moot, and other fednigger narratives that have made their way into popular consciousness. How can you go forward in life thinking like that? Even if it was completely hopeless (which it isn't) you should still do everything in your power to make it harder for them. Because fuck them. Everything I'm saying probably is self evident to everyone on lambda, and also many would probably say why do you even care about normals data and privacy, and they are right to a certain extent because OUR data (whatever that means) is much more valuable than a normaltards data. Which is definitely the irony of the 4cuck saying "they don't care about you, you don't matter" etc, because the data of a disenfranchised, disaffected, asocial, radicalized, unconventional young male is the most important subset of the population for them to understand and manipulate (definitely giving 4cuck users to much credit but you get the general idea). And it's why honeycuck is the way it is. But they are still wrong. The data of the masses is how they are able to do what they do, and it effects my life, so why shouldn't I care? The idea that they already have everything on you is the number one reason that stops people from caring. And that narrative is pushed by glowniggers obviously. That is the main thing. Anyway. Remoralize normalfags is the point. But it is a Sisyphean endeavor lol, and I get why people would be dismissive of it, but that's what personally motivates me to care.
>In any case, a ton of non-JavaScript dependent, Tor-friendly frontends for various clearnet services have been developed besides the darknet-famous Invidious
We need to make a thread dedicated to useful .onion links, frontends, and nojs friendly websites. (with better visibility for noobs, than your effortpost buried in a bait thread lol). Also would make sharing easier.
Referenced by:
P8302
P7851
Tue 2022-08-30 04:04:28
link
reply
P7717
>For IMDB - Libremdb:
https://github.com/zyachel/libremdb
For visual novels - Vndb :
https://vndb.org/
(works without nojs)
For anime - AniDB:
https://anidb.net/
(anilist and mal do not work, honestly AniDB has better users anyway)
But I can't find anything satisfactory for music. Rateyourmusic completely blocks tor (it's impossible to use without JS even on the clearnet), and Discogs (
https://www.discogs.com/
) blocks tor access, and doesn't function without JS.
https://www.last.fm/
is pretty shit, but it works. Considering how there are frontends for so much stuff you would think a music website would have a frontend by now, but I don't think there are any.
Referenced by:
P7920
P8299
P7883
Tue 2022-08-30 10:11:09
link
reply
>discogs
cloudflared, nuff said
P7884
Tue 2022-08-30 10:13:31
link
reply
P7717
Anything for hentai?
P7891
Tue 2022-08-30 10:27:19
link
reply
videos or doujinshi?
Referenced by:
P7892
P7892
Tue 2022-08-30 10:32:16
link
reply
P7891
Both
P7894
Tue 2022-08-30 11:00:02
link
reply
Hey admin, dont use onion network bandwidths for such a shitty site. PLEASE GO HOME ON CLEARNET OR SHUT DOWN THIS SHIT
Referenced by:
P7900
P7900
Tue 2022-08-30 12:26:59
link
reply
67f88647a3411697070dacf5e7c15d47cb200f1dcbaf693659f1318f17e99f8d.jpg
32.6 KiB 654x702
P7894
not my problem
P7902
Tue 2022-08-30 12:28:34
link
reply
test
P7920
Tue 2022-08-30 14:08:27
link
reply
P7851
Anything for video games?
P7996
TOR, VPN + TOR or VPN + VPN + TOR
Tue 2022-08-30 22:24:26
link
reply
which one is the saftiest? The thing is I don't want to get tracked by the ISP now.
My USB Router has VPN enabled. Also, my PC has a VPN software and TOR
P8215
Thu 2022-09-01 14:12:43
link
reply
697af64f21e82ba5ef6c1b54235a2864a1538bad2edd01460421588d7d2e3c98.jpg
395 KiB 720x765
P6402
P6424
P7717
Good posts
Referenced by:
P8302
P8302
Thu 2022-09-01 23:50:20
link
reply
cbec626d353b816b4dc9655f08bfeb5177f3f7a5a0c5eb07ce0e75c17ca712f6.jpg
280 KiB 850x574
P7838
>It's definitely helping lot's of anons.
Eh, I wouldn't go that far when the Nanosphere only has a few dozen users lol.
>Imo helping others is even more important than protecting you're own privacy/data.
True. After all, anonymity can only exist in company.
>the rest
I might come back to this.
>We need to make a thread dedicated to useful .onion links, frontends, and nojs friendly websites. (with better visibility for noobs, than your effortpost buried in a bait thread lol). Also would make sharing easier.
Here it is:
P8299
P8215
Thanks ;)
Referenced by:
P8335
P8335
Fri 2022-09-02 06:58:54
link
reply
P8302
Looks good, I'm gonna add to it soon
P10670
Sun 2022-09-11 21:18:32
link
reply
1de427b07291e004fe5d1bd5029ae5d70f0c3ed80d0de81d5c4fa0591e4bcde4.jpg
94.7 KiB 850x991
P6402
>Lack of stream isolation: This is an underrated feature of Tor that I don't think gets brought up enough. Any website that you visit over Tor, a different exit node is automatically selected for it. This (in combination with the fact that Tor browser isolates cookies) means that even if two (clearnet) websites that you visit simultaneously are controlled by the same person, they can't directly associate the visits, unlike VPNs, where they see the same IP address visiting both sites.
Really? I thought that there's only one stream for all clearnet websites and that stream changes every ten minutes or so. Is that a new Tor browser feature?
I recall the Tor people complaining that people shouldn't torrent over Tor because the lack of stream isolation meant they were effectively doxxing themselves.
>Not enough of it. ;)
based
>A fool and his money are soon parted. What more should Tor do to protect people from their own retardation?
If you take a more robust interpretation of the point, it means that normies / low cognitive ability people should avoid using Tor since they'll get taken advantage of, which is correct for some people but irrelevant for users of this board.
Referenced by:
P10672
P10689
P10690
P12577
P10672
Sun 2022-09-11 21:22:02
link
reply
P10670
>I thought that there's only one stream for all clearnet websites and that stream changes every ten minutes or so.
Yeah I thought you were supposed to use IsolateDestAddr if you wanted to differentiate the exit nodes.
Referenced by:
P12577
P10689
Mon 2022-09-12 00:36:03
link
reply
P10670
>Really? I thought that there's only one stream for all clearnet websites and that stream changes every ten minutes or so. Is that a new Tor browser feature?
Open a bunch of clearnet ip checker websites in new tabs, your ip will be different every time. I'm pretty sure this has been the case since the beginning of Tor. The nodes also shuffle every ten minutes as you said, but that is in addition to the streams being isolated in the first place.
>I recall the Tor people complaining that people shouldn't torrent over Tor because the lack of stream isolation meant they were effectively doxxing themselves.
Yeah since if you are using an application over Tor and then posting on a forum without rotating Tor circuits, if the modes share the same Tor exit relay, this could lead to identity correlation. But that's only a problem if they're mixing anonymity modes, and you can also configure the applications to use a different exit node. Also with torrenting the nodes can't exactly change can they? which just puts you in more risk than normal. Yuki talks about that in a later post in this thread iirc.
Referenced by:
P12577
P10690
Mon 2022-09-12 00:37:46
link
reply
P10670
Do you know where Yuki is or what he's up to btw?
P12577
Mon 2022-09-26 20:08:39
link
reply
a2202c74a3eee4371d5d0b3170c6dec922012f4eeb9517502efb4aafcab470e1.jpg
266 KiB 800x800
P10670
>Really? I thought that there's only one stream for all clearnet websites and that stream changes every ten minutes or so. Is that a new Tor browser feature?
P10672
>Yeah I thought you were supposed to use IsolateDestAddr if you wanted to differentiate the exit nodes.
It has been default in the Tor Browser for at least several years (
https://matt.traudt.xyz/posts/2019-10-17-you-want-tor-browser-not-a-vpn/
, written by a Tor developer). Other applications may or may not need to be configured for this.
>Side note: Tor Browser also intelligently isolates your traffic. With VPNs all of everything exits from the same IP address. With Tor Browser, all traffic from facebook.com tabs regardless of the destination domain of the requests uses one set of circuits through the Tor network while all traffic from nytimes.com uses a different set of circuits. Even if all the sites you visit use the same CDN for serving their images/videos/ads, neither the sites nor the CDN will be able to tell that it's you that is visiting facebook and nytimes at the same time.
>If you take a more robust interpretation of the point, it means that normies / low cognitive ability people should avoid using Tor since they'll get taken advantage of, which is correct for some people but irrelevant for users of this board.
Even then, it's not like normies can't be educated.
P10689
>Open a bunch of clearnet ip checker websites in new tabs, your ip will be different every time. I'm pretty sure this has been the case since the beginning of Tor. The nodes also shuffle every ten minutes as you said, but that is in addition to the streams being isolated in the first place.
Yeah, I don't recall when this wasn't the case.
Mod Controls:
x
Reason: