Tor was designed to protect high risk individuals like journalists and whistleblowers and Tor bandwidth isn't unlimited. By using Tor, you're stripping entry and usage nodes of their resources and bandwidth thus harming high risk people. Tor is for journalists and whistleblowers, not regular users.

Most people should use a VPN for privacy since they are not high risk and you know who you're trusting with your data, and since VPNs are paid for, you aren't robbing people of resources. By using Tor, you could be exposing your browsing history to strangers or even the NSA.

Tor is also more dangerous since the dark web is filled with CP, gore, markets (which are scams), red rooms (which are fake), etc.

This shitpost was brought to you today by NordVPN
https://nordvpn.com/

>reeeeeeeeeeeeeeeeeeeeee YOUR BANDWIDTH IS RAPING MEEEEEEEEEEEEEEEEE!
You are a

N N I GGG GGG EEEEE RRR |
NN N I G G E R R |
N N N I G GGG G GGG EEEE RRRR |
N NN I G G G G E R R
N N I GGG GGG EEEEE R R O

>journalists
fake news. there are no independent journalists. they are and always have been government agents, knowingly or not. in many cases, they are outright spies using it as a cover. (see yuri bezmenhov)
>whistleblowers
leftist trash who want more control over other people's lives, not less, just as long as it's their brand

Fuck it, I'll bite [spoiler: because I have absolutely nothing better to do.]
>Tor was designed to protect high risk individuals like journalists and whistleblowers
The point of an anonymity network is to be anonymous. The less kinds of people there are on an anonymity network, the less effective it is as one. The reasons for this are intuitive: if only journalists and whistleblowers are using the Tor network, you know that any connection coming from Tor is going to be from a journalist or whistleblower. Journalists and whistleblowers make up a relatively small minority of the general populace, and with a smaller anonymity set to cover, adversaries have less possible suspects (meaning, there is less work to identify you). This is, in my opinion, the sole reason why Tor > I2P (for now).
>and Tor bandwidth isn't unlimited.
Eh, it works enough for us to download videos through Invidious 1MB/sec, so we aren't necessarily struggling to accomodate people here. Run some nodes if you want to improve it.
>By using Tor, you're stripping entry and usage nodes of their resources and bandwidth thus harming high risk people. Tor is for journalists and whistleblowers, not regular users.
Look up.
>Most people should use a VPN for privacy since they are not high risk and you know who you're trusting with your data,
There are a number of reasons why VPNs fall WAY short of Tor as a privacy solution:
1. Single point of failure (or worse!): Mentioning this when discussing VPNs VS Tor is a cliché at this point, but I'll talk about it anyway. A VPN company has access (in some way or another) to all records of your usgae of them.
>inb4 no-logging audit
They can stop logging for the period of the audit, and even if they truly didn't log, that does not preclude real-time tracking. The design of Tor is meant to protect you EVEN IF someone is logging, as no one point is enough to know both who you are and what you're connecting to. But, there is something wrong with calling VPNs a single point of failure, because oftentimes, it's actually even worse:
1.1. Traffic confirmation: With Tor, when someone monitors both your connections from your ISP and connections to the website that you're visiting, they'll see a Tor guard node and a random Tor exit node (not enough to instantly associate the connections, but can be increasingly dangerous the more this happens). With a VPN, they see THE EXACT SAME IP.
1.2. Multiple (non-redundant) points of failure: Most VPN companies rent a good portion of their servers (including the beloved Mullvad), meaning more parties can log your traffic than you think. (only one I know of that doesn't is VyprVPN)
>and since VPNs are paid for, you aren't robbing people of resources.
2. There is no "VPN browser:" When you're using a VPN, there's no clear way to blend in with a large enough portion of the userbase [spoiler: unless you think using Jewgle Chrome is an option for privacy], so any fingerprint that your browser has can become associated with whatever you do with it over time.
3. Lack of stream isolation: This is an underrated feature of Tor that I don't think gets brought up enough. Any website that you visit over Tor, a different exit node is automatically selected for it. This (in combination with the fact that Tor browser isolates cookies) means that even if two (clearnet) websites that you visit simultaneously are controlled by the same person, they can't directly associate the visits, unlike VPNs, where they see the same IP address visiting both sites.
>Resources that people volunteer is being robbed from them.
>By using Tor, you could be exposing your browsing history to strangers or even the NSA.
First off, only exit nodes can see your browsing history, and that's only when you're connected to clearnet sites (they're irrelevant on onionsites, as you're never EXITing the Tor network with those). Second, this literally doesn't matter because they can't associate the traffic with you, it's mixed in with the noise of potentially millions of other people who use Tor (especially when you're connected through HTTPS, then they can't see the specific page or the traffic that you're sending to a given site).
>Tor is also more dangerous
Hardly.
>since the dark web is filled with CP,
Not enough of it. ;)
>gore,
Lrn2perspective. This shit is all over the clearnet too.
>markets (which are scams), red rooms (which are fake), etc.
A fool and his money are soon parted. What more should Tor do to protect people from their own retardation?

>the sole reason why Tor > I2P
yea if you are on i2p there is a 98.7% chance you are russian
>the dark web is filled with CP, gore, markets (which are scams)
you didnt even need to reply to this because the clearnet is even more so idk what was the point being made here, too obvious bait tbh

P6402
What do you think about selfhosted vpns?

P6410
>you didnt even need to reply to this because the clearnet is even more
To be fair, CP sharing communities and especially DNMs are some of the most active onionsites. Even boy-only CP boards make the entire Nanosphere combined look like a ghost town. [spoiler: Of course, this is only something I've heard, I haven't actually been to said places, kind strangers from the LEAs.] This has nothing to do with the safety of simply using Tor, however.
P6413
>selfhosted vpns
IMO it doesn't really make much of a difference. To start with:
1. It doesn't fix point 1 because the ISP that your selfhosted VPN is using can still log connections in and out.
1.1. It doesn't fix point 1.1 because the same IP address can be seen from both sides.
1.2. It only fixes point 1.2 if you're the only one with access (physical or remote) to the server.
2. It arguably makes point 2 even worse, because there is NO userbase besides yourself (or whoever you let use it). So, even if there were a common enough browser configuration that was good for nanonymity, you'd still be fingerprintable by the fact that you're one of only few people who ever browses through this VPN.
3. It doesn't fix point 3 because there's still no stream isolation, two websites that you visit simultaneously see the same IP address.

Supposedly, before Tor, the U.S. Intelligence Community once used a system where they started front companies (which they'd create encrypted connections to) for research on persons of interest (so, sort of like their own elaborate self-hosted VPN). Ironically, the spies had so many basic OPSEC fails (like being logged into Facebook while they do their "anonymous" searches) that they had to create way more of these than they needed to (wasting gorillions of taxpayer dollars):
> ... as intelligence increasing became "cyberintelligence" (a term used to distinguish it from the old phone-and-fax forms of off-line SIGINT), [bold: old concerns also had to be updated to the new medium of the Internet. For example: how to research a target while remaining anonymous online.]
>This issue would typically emerge when a CO would search the name of a person from a country like Iran or China in the agency's databases and come up empty-handed. For casual searches of prospective targets like these, No Results was actually a fairly common outcome: the CIA's databases were mostly filled with people already of interest to the agency, or citizens of friendly countries whose records were easily available. [bold: When faced with No Results, a CO would have to do the same thing you do when you want to look someone up: they'd turn to the public Internet. This was risky.]
>[1 paragraph redacted to save time because I'm manually typing this shit out lol]
>It may be hard to believe, but the agency at the time had no good answer for what a case officer should do in this situation, beyond weakly recommending that they ask CIA headquarters to take over the search on their behalf. [bold: Formally, the way this ridiculous procedure was supposed to work was that someone back in McLean would go online from a specific computer terminal and use what was called a "nonattributable research system." This was set up to proxy]-that is, fake the origin of-a query before sending it to Google. [bold: If anyone tried to look into who had run that particular search, all they would find would be an anodyne business] located somewhere in America-one of the myriad fake executive-headhunter or personnel-services companies [bold: the CIA used as cover.]
>I can't say that anyone ever definitively explained to me why the agency liked to use "job search" businesses as a front; presumably they were the only companies that might plausibly look up a nuclear engineer in Pakistan one day and a retired Polish general the next. [bold: I can say with absolute certainty, however, that the process was ineffective, onerous, and expensive.] To create just one of these covers, the agency had to invent the purpose and name of a company, secure a credible physical address somewhere in America, register a credible URL, put up a credible website, and then rent servers in the company's name. Furthermore, the agency had to create an encrypted connection from those servers that allowed it to communicate with the CIA network without anyone noticing the connection. [bold: Here's the kicker: After all of that effort and money was expended just to let us anonymously Google a name, whatever front business was being used as a proxy would immediately be burned-by which I mean its connection to the CIA would be revealed to our adversaries-the moment some analyst decided to take a break from their research to log in to their personal Facebook account on that same computer.] Since few of the people at headquarters were undercover, that Facebook account would often openly declare, "I work at the CIA," or just as tellingly, "I work at the State Department, but in McLean."
>Go ahead and laugh. Back then, it happened all the time.
>During my stint in Geneva, whenever a CO would ask me if there was a safer, faster, and all-around more efficent way to do this, I introduced them to Tor.
(The above was an excerpt from Permanent Record by Edward Snowden. It's available on LibGen and there's a little bit more explanation as to why he recommended Tor (what I quoted starts at page 153): https://libgen.rs/book/index.php?md5=A5BDA164BB2B8419C57E57012A2F7F82)

P6424
How do I accept my homosexuality? I'm deeply repressed.

My dad is a security researcher and he recommends NordVPN for security. He says that Tor is insecure. You guys aren't security researchers so I refuse to listen to anything you say.

P6445
Sir. I have encouraged people to check the source I linked.
P6424
>(The above was an excerpt from Permanent Record by Edward Snowden. It's available on LibGen and there's a little bit more explanation as to why he recommended Tor (what I quoted starts at page 153): https://libgen.rs/book/index.php?md5=A5BDA164BB2B8419C57E57012A2F7F82)
Snowden has worked in cybersecurity for the U.S. National Security Agency before, so if you don't want to listen to me, listen to what he said, sir. Also, the credentials fallacy is not a valid argument, sir. If your security researcher dad has an issue with what I've said, get him to come in here and explain on what points I'm wrong, sir. I may not be an expert, sir, but I would like to learn about any gaps in my knowledge, sir. If you have no direct argument against what I've said, then I will assume you are trolling, sir. Sir.

TOR is just for child rapers, terrorists, and criminals who use 2D-girl pics without their creator's approval like the admin here. We must kill all TOR users ASAP.

I'd just like to interject for a moment. What you're referring to as Tor, is in fact, GNU/Tor, or as I've recently taken to calling it, GNU plus Tor. Tor is not a VPN unto itself, but rather another free component of a fully functioning GNU network made useful by the GNU servers, encryption, and vital network components comprising a full VPN service as defined by POSIX.

P6471
>TOR
*Tor, nigger.
>TOR is just for child rapers, terrorists, and criminals who use 2D-girl pics without their creator's approval like the admin here.
Sounds pretty based to me [spoiler: assuming by child "rape" you mean consensual sex.]

P6484
P6491
>the naming of the software matters
yeah whatever nigger

P6491
Children can't consent, though.

P6491
TOR was original name

[bold: T]he [bold: O]nion [bold: R]outer

P6605
P6607
It's Tor, the onion routing.
http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/about/index.html#why-is-it-called-tor
http://tv54samlti22655ohq3oaswm64cwf7ulp6wzkjcvdla2hagqcu7uokid.onion/posts/2021-02-22-tor-spelling/

[bold: T]he [bold: O]nion [bold: R]outer
It's T.O.R.
Not TOR, not tor, T.O.R. It's an acronym. Remember the periods.
[bold: T.O.R.]

>>P6384

You can't just take a shit in the middle of a TOR based IB like that and not propose any alternatives.

I'm just going to say it, i2p is superior anyway; it just takes time to get running and it can be a bitch to configure sometimes.

We should be basing everything in i2P, ideally all programs and websites should be compatible with both the eepsite and .onion schemes with an easy way to direct them either to a dedicated tor or i2p standalone router with a boot to ram OS (which is not currently possible on raspberry pis), but I'm personally not prepared for that move yet.

>Eh, it works enough for us to download videos through Invidious 1MB/sec, so we aren't necessarily struggling to accomodate people here. Run some nodes if you want to improve it.

Imagine not downloading all your porn and media through a mixer router. Kek.

>Ironically, the spies had so many basic OPSEC fails (like being logged into Facebook while they do their "anonymous" searches) that they had to create way more of these than they needed to (wasting gorillions of taxpayer dollars):

Doesn't surprise me. A certain percentage of NSA agents use your collected nudes and info as their version of tinder/grindr and contact their surveillance targets on the side.

the final redpill is that, in the end, it's every tranny for xirself, and so you just have to leverage any identity group that will accept you in order to amass personal power and fuck over anyone who gets in your way, even if they helped you get to where you are now.

everything, and i mean literally *everything* else presented as (((based))) is a psyop orchestrated by someone else.

"there's a sucker on one side of every deal. if you don't know who it is, then it's you."
-mark cuban

>the final redpill is that, in the end, it's every tranny for xirself, and so you just have to leverage any identity group that will accept you in order to amass personal power and fuck over anyone who gets in your way, even if they helped you get to where you are now.

You mean unless your goal is modifying the system and you have the skills and insight to transform their operations, forcing all the parties in the system to modify themselves without your direct leadership?

It would be nice to have a group because I'm lonely and broke, but that would attribute all the things I'm doing to them in the eyes of the other parties that are able correlate my activity to changes in the world that they may or may not like.

>>P6636

I regularly talk shit about the people I like just to throw people off their trail, occassionally I find out they had a freak out about it and I feel so guilty, but can't say anything.

I wonder if it's even necessary anymore though.

The thing about me joining a group is that inadvertently that would come off as approval of everything the group did. So if I wasn't in charge of it with control over the members, they could get away with quite a lot and other groups familiar with me would be averse to making a move against them, even if what they were doing was something I opposed as well.

It's all kind of complicated. My main concern right now is just having enough money to do stuff and not being interrogated and dragged off to a blacksite everywhere I go or tricked into being blackmailed (which is mostly useless against me) or becoming dependent.

I think realistically, I could get people to put money into a trust fund for me in exchange for access to me so they can try to get a heads up on things, but that's only possible if I can deny access, which I can by just creating a new layer of abstraction and various cognitive blocks for those that interact with me.

The surveillance kind of concerns me because maintaining my appearance isn't 100% consistent. One of the surveilors saw my underlying facial configuration and reacted and colors keep escaping. I know that their cognitive errors should just aggregate the conceptions of appearance and take the median as the mental model and they won't think anything of it. Even if they line all the pictures up side by side, the cognitive block should just force them to see them as the same person. If they ever find a person with no exposure and show them individual pictures and ask them if that's the same person I could end up as anomaly #1.

So that's the danger of giving consistent access.

Come to think of it, the one that did it first would have a major advantage by being able to appoint the account manager that approves fund dispersal.

If others added to that fund, the same manager would have control.

Having multiple ones would prevent denial of funds by any given manager and force them to compete, but I'm probably not going to go out of my way to get multiple ones because I'm lazy like that.

The best thing about trust funds is that under normal circumstances a lawsuit can't access the funds, they can be done anonymously, and at the same time it gives me an incentive to not end up in prison or blacksite.

P6626
The Tor Project themselves say otherwise, and they rule over us so they're right: http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/about/index.html#why-is-it-called-tor
P6629
>You can't just take a shit in the middle of a TOR based IB like that and not propose any alternatives.
[spoiler: Well yeah, it's obvious bait. I only responded here because I had nothing better to do.]
>A certain percentage of NSA agents use your collected nudes and info as their version of tinder/grindr and contact their surveillance targets on the side.
Funni if true.

P6669
All heil the Torah overlords!

Since this is a tor thread, I'll ask here. How truly compromising is enabling javascript for certain websites? Like what are the consequences for enabling javascript on https://mootxi.co or something like that as opposed to enabling it on some fagman or equivalent site. What are the consequences (to privacy, anonymity etc) for allowing javascript on some websites and not others? Also with NoScript, for your "default" settings do you enable anything else besides frame, noscript, and other? And do you check "Override Tor Browser's Security Level preset"? Also isn't css another thing they can fingerprint you with?
I'm a noob, so sorry if these are obvious

>>P6723

NoScript historically has been unreliable with exploits that enabled javascript and I have personally seen that happen. Noscript is for normies to avoid tracking and fingerprinting scripts, not to stop hackers from infiltrating a system.

On the darkweb, everyone has javascript disabled, but everyone still gets hacked at least a few times (which is why OpSec practices like booting to ram, a dedicated internet connection, stripping out bluetooth and wifi from a computer, and periodically wiping and reinstalling or flashing router OS and firmware is so important).

What you want to do is enable Noscript to max security AND disable javascript in the browser using the about:config > java = disabled route.

Ideally the browser would be limited to HTML and not have javascript plugins at all.

To answer the actual question, I think Javascript should be seen as a threat because of fingerprinting and because it can run malicious scripts that compromise other elements of the machine. Javascript is just the starting point of some sophisticated infiltration, a place to upload something malicious and have it run on an open program.

P6738
>On the darkweb everyone still gets hacked at least a few times
sounds like fud tbh

>>P6746

But it's true. Especially on certain sites that are used as training grounds for hackers like the darkweb chats.

The thing is, at least in the Western world, the chips are compromised because law enforcement and intelligence insists on it. It's not actually necessary to do something like run a suspicous file to get hacked. And the automation of so many exploits and groups specializing in every program, every OS, and every device, basically, means you're going to get hacked.

For the time being, while hardware is compromised, we can only focus on mitigating intrusions and the damage they can do with things like software hardening, physical isolation of personal information, and boot to ram schemes to keep systems free of persisting RATs.

P6723
>How truly compromising is enabling javascript for certain websites? Like what are the consequences for enabling javascript on https://mootxi.co or something like that as opposed to enabling it on some fagman or equivalent site. What are the consequences (to privacy, anonymity etc) for allowing javascript on some websites and not others?
It depends. Since darknet markets and CP sharing communities are the most targeted by law enforcement, they are naturally going to be the most likely to compromise you if you visit them with JavaScript enabled. It's possible that RCE exploits could be used to deanonymize you. Meanwhile, if you're doing shit that isn't likely to get you targeted by law enforcement, like watching cooking tutorials or some autistic Minecraft video, only untargeted (mass) surveillance is a concern. Fingerprinting could be done by AI profiling your keystrokes (which are presumably as unique as handwriting) and/or mouse movements (the latter of which can be done with CSS too, but isn't as practical or effective): http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Surfing_Posting_Blogging#Keystroke_Fingerprinting
>Also with NoScript, for your "default" settings do you enable anything else besides frame, noscript, and other? And do you check "Override Tor Browser's Security Level preset"?
I personally don't fuck with it. As P6738 mentioned, NoScript has proven unreliable for blocking JavaScript exploits on some occasions. There have been [bold: at least 3] vulnerabilities in which JavaScript could run when it shouldn't have been able to:
https://techreport.com/news/28570/noscript-vulnerability-allows-malicious-scripts-to-run-unchecked/ (2015)
https://www.securityweek.com/zerodium-discloses-flaw-allows-code-execution-tor-browser (2018)
https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-javascript-on-sites-it-shouldnt/ (2020)
And, also as mentioned by P6738, if you really want to protect against JabbaShit, you should go into about:config and set the value of javascript.enabled to false. While you're at it, I'd also recommend disabling the PDF reader in Tor Browser by setting the value of pdfjs.disabled to true.
>Also isn't css another thing they can fingerprint you with?
Yes, but to a much lesser extent. Besides mouse fingerprinting mentioned above, it can also fingerprint you based on your window size (which is why Tor Browser does letterboxing): http://tv54samlti22655ohq3oaswm64cwf7ulp6wzkjcvdla2hagqcu7uokid.onion/posts/2016-09-04-how-css-alone-can-help-track-you/
P6746
It isn't necessarily impossible, seeing as traffic confirmation attacks, website fingerprinting attacks (http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Fingerprint#Website_Traffic_Fingerprinting) and exploits that could be done with only HTML+CSS (https://security.stackexchange.com/questions/123733/browser-exploits-based-purely-on-html-css) have existed and could compromise people in theory. Thing is, we haven't really heard of Tor users being compromised by those (alone?) in practice, so whether they're FUD or serious threats remains in question.

>While you're at it, I'd also recommend disabling the PDF reader in Tor Browser by setting the value of pdfjs.disabled to true.

I didn't know to do this. I'll add it to my startup hardening list. A hardening list is never too big.

P6738
P6794
Thanks for the advice. I've set javascript.enabled to false and also set pdfjs.disabled to true. (good post as always uekeeeeeeeeeeeeeeee). But still it's fucking annoying making mistakes, lucky for me I've done nothing "wrong" yet.

P6794
>I personally don't fuck with it.
Btw do you still have it enabled and installed? Because wouldn't deleting it/disabling it affect anonymity?

P6797
>I didn't know to do this.
Right, it isn't the [bold: most] important setting to change (seeing as PDFs aren't quite as ubiquitous as websites that use JabbaShit) but it's still a good idea, seeing as PDFs themselves can contain JabbaShit code, you'll want clicking on a link to one of them to give you the option to download them instead of automatically opening them in your browser (that's what changing this setting does). If you ever do need to open them, the best practice is to use an airgapped system, or anything you can ensure will be offline.
>A hardening list is never too big.
Indeed.
P6805
>(good post as always uekeeeeeeeeeeeeeeee).
*headpats in gratitude for le compliment*
>lucky for me I've done nothing "wrong" yet.
;)
P6806
>Btw do you still have it enabled and installed? Because wouldn't deleting it/disabling it affect anonymity?
Yes, by what you quoted I meant that I didn't do anything with it one way or the other, I leave it as it is. My routine is as follows:
1. Set Tor Browser Security Level to "Safest."
2. Go to about:config.
3. Set the value of javascript.enabled to "false" and pdfjs.disabled to "true."
Otherwise I don't edit any settings (or add/remove anything) at all. [spoiler: Except when I have to disable CSS for specific webpages because of some websites making it harder for non-JavaScript users to view their content.]

P6746
Indeed it is.

For those who don't want to use Tor here is the safest way to browse:
1. Use Google Chrome (Microsoft Edge if you're on Windows)
2. Do not install any extensions
3. Do not change any settings
Everyone should stick to the default config so that everyone is uniform and thus harder to track. Changing even one thing like your search engine or disabling telemetry will make you stand out thus worsening privacy.

[spoiler: this is stupid isn't it. Literally use LibreWolf or anything else besides Chrome if you don't want to use Tor.]

P6862
For those who don't want to use Tor here is the safest way to browse:
1. Don't browse.

P6424
I agree with all your points. But as far as vpns go, a selfhosted one is the best.
1.2. It only fixes point 1.2 if you're the only one with access (physical or remote) to the server.
You can make it so Openvpn doesn't log at all but that doesn't mean that the server owners won't log it.

>2. It arguably makes point 2 even worse, because there is NO userbase besides yourself (or whoever you let use it). So, even if there were a common enough browser configuration that was good for nanonymity, you'd still be fingerprintable by the fact that you're one of only few people who ever browses through this VPN.

I alternate between a couple vps providers, regularly delete accounts, delete a server if it is older than 3 days. Openvpn takes like 2 mins to set up. I don't really use the clear net that much. Also use mullvad sporadically. My opsec is very low threat so of course this stuff would mean nothing if someone wanted to know, but no one will piece this all together. And I alternate between Monero and my Grandmas credit card to pay for it lol. I spoof my mullvad data.

P7513
>I alternate between a couple vps providers, regularly delete accounts, delete a server if it is older than 3 days. Openvpn takes like 2 mins to set up. I don't really use the clear net that much. Also use mullvad sporadically.
Ah, so you're compartmentalizing different self-hosted (-Mullvad) VPNs. That's slightly different from what I had imagined. Still, activities from each still become linked over time (but not with each other), so it would be essential to not mix anonymity modes (shouldn't be done anyway, but especially in this context: http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/DoNot#Mix_Anonymity_Modes , replace "Tor" with "anonymity solution.")
>My opsec is very low threat so of course this stuff would mean nothing if someone wanted to know, but no one will piece this all together.
I guess not if you aren't known to be doing anything (((the owners))) don't like.
>And I alternate between Monero and my Grandmas credit card to pay for it lol.
Lol.
>as far as vpns go, a selfhosted one is the best.
I'm still not so sure when you're using the word "one," but later describing a semi-elaborate system utilizing multiple of them. If you were using only one, point 2 would still stand.
Nym ? Tor > I2P > Compartmentalized self-hosted VPNs > Commercial VPN(s) > Single self-hosted VPN

P7677
>Ah, so you're compartmentalizing different self-hosted (-Mullvad) VPNs. That's slightly different from what I had imagined. Still, activities from each still become linked over time (but not with each other), so it would be essential to not mix anonymity modes (shouldn't be done anyway, but especially in this context
I just read what you had written and agreed with it but wanted to share my method which mitigates or tries to address the various limitations that relying on a vpn produces (which you listed).
>I guess not if you aren't known to be doing anything (((the owners))) don't like.
Exactly, honestly my way of thinking (am just a pleb, no one cares, by taking any measures at all I'm effectively completely dodging all mass ubiquitous default surveillance...like implicit automatic datamining...not really sure how to describe it. I think you get it) thinking like that isn't good, rather i should act as if bad actors ARE explicitly trying to spy on me.
>I'm still not so sure when you're using the word "one," but later describing a semi-elaborate system utilizing multiple of them. If you were using only one, point 2 would still stand.
Yeah I should have clarified better. I am not using one, I'm utilizing multiple VPNs, with multiple VPS, running and deleting multiple servers. This is my method.
>Have multiple VPS services aka an account with 1984, Digital Ocean, Vultr, *****, *****, etc
>Alternate between these VPS services and deploy a new server (always in a random country that I haven't done before) and setup Openvpn with no logs
>So for two days I will use Openvpn with 1984, delete the server and switch to my digital ocean account.
>it takes 2 mins to setup Openvpn, I also use Wireguard sometimes but Openvpn I'm more familiar with
>If one of my VPS runs out of money I delete it.
>pay with Monero and different family members credit cards.
>don't use these vpns while signing into anything explicitly linked to me, finances etc
>Sometimes use mullvad which I share with lots of people.
umm hmm I forget. I think that's the extent of it. But I've been meaning to ask, you can use things like gallery-dl and yt-dlp through tor right? That's kinda the reason I do all this but it kinda feels like it's an ocd compulsion that makes me do it. I just want to make it harder for them. Ohh I remember, I was going to try and write out what this method would exactly achieve but if you feel like doing it, you would probably be better able to accurately discern it's benefits and or limitations.
>Tor > I2P > Compartmentalized self-hosted VPNs > Commercial VPN(s) > Single self-hosted VPN
yep. I haven't really done any research on I2P, what makes tor better?

[spoiler: My apologies if I come across as a know-it-all by going into some questions you didn't ask here, I'm just enthusiastic about spreading nanonymity solutions as far as possible. It took me 2 hours to write my wave of replies because I get distracted a lot mid-writing lol.]
P7680
>I just read what you had written and agreed with it but wanted to share my method which mitigates or tries to address the various limitations that relying on a vpn produces (which you listed).
>I am not using one, I'm utilizing multiple VPNs, with multiple VPS, running and deleting multiple servers. This is my method.
>Ohh I remember, I was going to try and write out what this method would exactly achieve but if you feel like doing it, you would probably be better able to accurately discern it's benefits and or limitations.
For what it's worth, it does have a few benefits over both a single self-hosted VPN solution and any commercial VPN solution:
1. There's one less party involved. Usually, commercial VPNs (except for VyprVPN AFAIK) rent a good deal of their servers from VPS providers themselves. In that scenario, the parties that know and may log the traffic coming in and out include (one never knows on the Internet who it's limited to, though):
a. Yourself (for your own traffic)
b. The commercial VPN provider
c. The provider
d. Their ISP
In your scenario, it's:
a. Yourself
b. The provider
c. Their ISP
2. Since you're alternating between multiple different VPS services, if one of them is compromised (or was logging traffic to begin with), they don't have access to the whole package, so to speak (but still to some of it). The fact that you delete and switch every few days could help too, to some degree.
3. You're not using anything explicitly linked to you when using the VPS services, which is good.
However:
1. There is no "VPN browser." Websites can still fingerprint you based on your browser setup.
2. Even if only some of your activity can be logged by any given service, it is still your activity. Now, if you chained different servers together, so that only one knew your IP address and only one knew the websites that you visit (neither of them knowing both unless they happen to be controlled by the same organization), that would dramatically improve the privacy of it, but even then, the following 2 points hold:
3. There is no stream isolation, the one that you chose to see the websites that you visit would see [bold: all] of the websites that you visit for the time that you use it.
4. In addition to stream isolation, Tor changes the circuits that you use (the path from guard, to middle, to exit node) over a period of time too. The guard node changes every 12 weeks (or every session if you use Tails). The logic behind this: If your guard node and the people who can monitor it are innocuous/out of an adversary's reach, then no adversary [bold: within] the Tor network is going to find your IP address for another 3 months, making them waste money to keep their nodes for that period. (This doesn't preclude an adversary finding out your IP address with browser exploits, however, which is why Tor users, especially high risk ones, are often advised to disable JavaScript) The middle and exit nodes change [bold: every 10 minutes.] This means that not only is an exit node unaware of who you are, but even if they could begin to distinguish one user from another, it won't mean much because one's time to see what websites you visit expires... basically after I finish fapping lol. And they'll usually be able to see one at a time because of the aforementioned stream isolation, so the chances are that the exit node will only see one random Tor user accessing one random website, and then they'll be swapped out for another exit node that will see the same. [spoiler: One exception to this is that a Tor circuit will sometimes be kept if you're downloading something that takes you longer than 10 minutes to download over Tor. After said download is complete, it will cycle out. Same thing with IRCs until you disconnect.] (https://support.torproject.org/about/#change-paths)
>But I've been meaning to ask, you can use things like gallery-dl and yt-dlp through tor right?
I've never used those, but I don't see why Tor would prevent it. In any case, a ton of non-JavaScript dependent, Tor-friendly frontends for various clearnet services have been developed besides the darknet-famous Invidious. These allow you to browse (some with more limitations than others) these websites with much of their original BS removed. Browse these over Tor (some even have onionsite instances if you're extra paranoid about exit nodes), and compartmentalize across instances, and your activity will be more or less completely private:
For YouTube - Invidious: https://api.invidious.io
For Twitter - Nitter: https://github.com/zedeus/nitter/wiki/Instances
For Instagram - Bibliogram: https://git.sr.ht/~cadence/bibliogram-docs/tree/master/docs/Instances.md
For Reddit - Teddit or Libreddit: https://codeberg.org/teddit/teddit, https://github.com/spikecodes/libreddit
For Google Translate, DeepL, ICIBA, Reverso - SimplyTranslate: https://simple-web.org/projects/simplytranslate.html
For Imgur - Rimgo: https://codeberg.org/video-prize-ranch/rimgo
For Odysee - Librarian: No instance list ATM that doesn't require JS for some reason, just go to https://librarian.pussthecat.org/ or https://lbry.bcow.xyz/
For TikTok - ProxiTok: https://github.com/pablouser1/ProxiTok/wiki/Public-instances
For IMDB - Libremdb: https://github.com/zyachel/libremdb
For Quora - Quetre: https://github.com/zyachel/quetre
Found most of the above through https://pussthecat.org, but there's actually a few more sites and tricks I've learned about to fetch certain content with my no-JS Tor setup:
For PeerTube - SimpleerTube: https://simple-web.org/projects/simpleertube.html
For XVideos - PornInvidious: https://simple-web.org/projects/porninvidious.html
For Wikipedia - Wikiless: https://codeberg.org/orenom/wikiless [bold: This one might be counterproductive for anonymity though, since most Wikipedia content (in my experience) can already be viewed over Tor without JS.]
These aren't frontends for other services, but here are a few other websites I tend to find useful with my setup:
[bold: AltCensored:] Has a huge archive of video content that has been censored from JewTube and co.: https://www.altcensored.com/
[bold: Library Genesis and Sci-Hub:] Keeps a huge collection of books and scientific articles to open paywalled academic content to the public: https://libgen.rs, https://sci-hub.se
[bold: Archive of Our Own:] The fanfiction website that puts the least hurdles in the way of Tor+noJS users (can only read tho): https://archiveofourown.org/
[bold: 4everproxy and KProxy:] These are good when I just want to read an article or download from a website that blocks Tor (they can see your traffic, but not who you are): https://4everproxy.com, https://kproxy.com
>yep. I haven't really done any research on I2P, what makes tor better?
Mainly just the fact that I2P's anonymity set is much smaller than Tor's. With Tor, you have [bold: well over 2,000,000 daily users] (https://metrics.torproject.org/userstats-relay-country.html) to blend in with, likely from more walks of life due to its relative ease of use. I2P, on the other hand, only has users in the tens of thousands.
Of course, better than all of this is using an airgapped system that never connects to the Internet. There are only a few ways that can ever go wrong.

To all lambdaniggers, imagine if Tor and all other anonymizing networks except VPNs were eliminated. Would you rather use a VPN (and which VPN would you choose) or nothing at all (trust your ISP)?

no vpn, thanks, it is a paid service that can be easily manipulated by police force.
next stop would be gopher, my dear fed.

P7753
>trusting your ISP
<ISP has access to all websites you visit and torrents you download
<ISP sells your activity and sends anti-piracy scareletters

>using VPN
<VPN has access to all websites you visit and torrents you download
<VPN shares your activity with your ISP
<ISP then sells your activity and sends anti-piracy scareletters
<both your VPN and ISP can see what you're doing online

Using a VPN is just throwing away your privacy. Use Tor or nothing at all. Mullvad is a honeypot.

P7725
>gopher
>no TLS
Literally soyware. You're better off just using standard HTTPS

P7753
Nothing at all, without trusting my ISP. I'd stick only with the content I already have saved for my airgapped system. If I ever [bold: really] needed to get new content, I'd go to bum fuck Egypt to download as much as possible from a public WiFi hotspot, utilizing a live system with JavaScript disabled in the browser. [spoiler: Maybe I should do that now to torrent Sci-Hub's database so I don't have to do it if or when such a day ever comes.]

P7766
If Mullvad did that they'd lose a lot of their users since they actually did research and instead of listening to Jewtubers.
>Uh I received a complaint from my ISP even though I was using Mullvad. I thought they were a no-logs VPN but apparently they sold my entire torrenting activity and browsing history to my ISP.

P7717
>My apologies if I come across as a know-it-all by going into some questions you didn't ask here, I'm just enthusiastic about spreading nanonymity solutions as far as possible. It took me 2 hours to write my wave of replies because I get distracted a lot mid-writing lol.
I wouldn't worry about that. Keep it up. It's definitely helping lot's of anons.Imo helping others is even more important than protecting you're own privacy/data. The main thing motivating me is to limit the amount of data they have on hand that allows them to socially engineer society to the degree to which they do, and also allows them to be as effective as they are at it. Because they already have EVERYTHING on me personally, but they will never get any more out of me. It's important to not fall into despair regarding that, because how can you go through life with such an utterly defeatist mindset? That you can't do anything, that they already have everything on you, that there are le backdoors that render any effort completely moot, and other fednigger narratives that have made their way into popular consciousness. How can you go forward in life thinking like that? Even if it was completely hopeless (which it isn't) you should still do everything in your power to make it harder for them. Because fuck them. Everything I'm saying probably is self evident to everyone on lambda, and also many would probably say why do you even care about normals data and privacy, and they are right to a certain extent because OUR data (whatever that means) is much more valuable than a normaltards data. Which is definitely the irony of the 4cuck saying "they don't care about you, you don't matter" etc, because the data of a disenfranchised, disaffected, asocial, radicalized, unconventional young male is the most important subset of the population for them to understand and manipulate (definitely giving 4cuck users to much credit but you get the general idea). And it's why honeycuck is the way it is. But they are still wrong. The data of the masses is how they are able to do what they do, and it effects my life, so why shouldn't I care? The idea that they already have everything on you is the number one reason that stops people from caring. And that narrative is pushed by glowniggers obviously. That is the main thing. Anyway. Remoralize normalfags is the point. But it is a Sisyphean endeavor lol, and I get why people would be dismissive of it, but that's what personally motivates me to care.
>In any case, a ton of non-JavaScript dependent, Tor-friendly frontends for various clearnet services have been developed besides the darknet-famous Invidious
We need to make a thread dedicated to useful .onion links, frontends, and nojs friendly websites. (with better visibility for noobs, than your effortpost buried in a bait thread lol). Also would make sharing easier.

P7717
>For IMDB - Libremdb: https://github.com/zyachel/libremdb
For visual novels - Vndb :https://vndb.org/ (works without nojs)
For anime - AniDB: https://anidb.net/ (anilist and mal do not work, honestly AniDB has better users anyway)
But I can't find anything satisfactory for music. Rateyourmusic completely blocks tor (it's impossible to use without JS even on the clearnet), and Discogs (https://www.discogs.com/) blocks tor access, and doesn't function without JS. https://www.last.fm/ is pretty shit, but it works. Considering how there are frontends for so much stuff you would think a music website would have a frontend by now, but I don't think there are any.

>discogs
cloudflared, nuff said

P7717
Anything for hentai?

videos or doujinshi?

P7891
Both

Hey admin, dont use onion network bandwidths for such a shitty site. PLEASE GO HOME ON CLEARNET OR SHUT DOWN THIS SHIT

P7894
not my problem

test

P7851
Anything for video games?

which one is the saftiest? The thing is I don't want to get tracked by the ISP now.

My USB Router has VPN enabled. Also, my PC has a VPN software and TOR

P6402
P6424
P7717
Good posts

P7838
>It's definitely helping lot's of anons.
Eh, I wouldn't go that far when the Nanosphere only has a few dozen users lol.
>Imo helping others is even more important than protecting you're own privacy/data.
True. After all, anonymity can only exist in company.
>the rest
I might come back to this.
>We need to make a thread dedicated to useful .onion links, frontends, and nojs friendly websites. (with better visibility for noobs, than your effortpost buried in a bait thread lol). Also would make sharing easier.
Here it is: P8299
P8215
Thanks ;)

P8302
Looks good, I'm gonna add to it soon

P6402
>Lack of stream isolation: This is an underrated feature of Tor that I don't think gets brought up enough. Any website that you visit over Tor, a different exit node is automatically selected for it. This (in combination with the fact that Tor browser isolates cookies) means that even if two (clearnet) websites that you visit simultaneously are controlled by the same person, they can't directly associate the visits, unlike VPNs, where they see the same IP address visiting both sites.
Really? I thought that there's only one stream for all clearnet websites and that stream changes every ten minutes or so. Is that a new Tor browser feature?
I recall the Tor people complaining that people shouldn't torrent over Tor because the lack of stream isolation meant they were effectively doxxing themselves.
>Not enough of it. ;)
based
>A fool and his money are soon parted. What more should Tor do to protect people from their own retardation?
If you take a more robust interpretation of the point, it means that normies / low cognitive ability people should avoid using Tor since they'll get taken advantage of, which is correct for some people but irrelevant for users of this board.

P10670
>I thought that there's only one stream for all clearnet websites and that stream changes every ten minutes or so.
Yeah I thought you were supposed to use IsolateDestAddr if you wanted to differentiate the exit nodes.

P10670
>Really? I thought that there's only one stream for all clearnet websites and that stream changes every ten minutes or so. Is that a new Tor browser feature?
Open a bunch of clearnet ip checker websites in new tabs, your ip will be different every time. I'm pretty sure this has been the case since the beginning of Tor. The nodes also shuffle every ten minutes as you said, but that is in addition to the streams being isolated in the first place.
>I recall the Tor people complaining that people shouldn't torrent over Tor because the lack of stream isolation meant they were effectively doxxing themselves.
Yeah since if you are using an application over Tor and then posting on a forum without rotating Tor circuits, if the modes share the same Tor exit relay, this could lead to identity correlation. But that's only a problem if they're mixing anonymity modes, and you can also configure the applications to use a different exit node. Also with torrenting the nodes can't exactly change can they? which just puts you in more risk than normal. Yuki talks about that in a later post in this thread iirc.

P10670
Do you know where Yuki is or what he's up to btw?

P10670
>Really? I thought that there's only one stream for all clearnet websites and that stream changes every ten minutes or so. Is that a new Tor browser feature?
P10672
>Yeah I thought you were supposed to use IsolateDestAddr if you wanted to differentiate the exit nodes.
It has been default in the Tor Browser for at least several years (https://matt.traudt.xyz/posts/2019-10-17-you-want-tor-browser-not-a-vpn/, written by a Tor developer). Other applications may or may not need to be configured for this.
>Side note: Tor Browser also intelligently isolates your traffic. With VPNs all of everything exits from the same IP address. With Tor Browser, all traffic from facebook.com tabs regardless of the destination domain of the requests uses one set of circuits through the Tor network while all traffic from nytimes.com uses a different set of circuits. Even if all the sites you visit use the same CDN for serving their images/videos/ads, neither the sites nor the CDN will be able to tell that it's you that is visiting facebook and nytimes at the same time.

>If you take a more robust interpretation of the point, it means that normies / low cognitive ability people should avoid using Tor since they'll get taken advantage of, which is correct for some people but irrelevant for users of this board.
Even then, it's not like normies can't be educated.
P10689
>Open a bunch of clearnet ip checker websites in new tabs, your ip will be different every time. I'm pretty sure this has been the case since the beginning of Tor. The nodes also shuffle every ten minutes as you said, but that is in addition to the streams being isolated in the first place.
Yeah, I don't recall when this wasn't the case.