InfoSec thread

They funded it to undermine censorship in places like China. Aids in the bigger game plan of undermining foreign governments. Source code is all there to read if you don't trust it.

The FBI has compromised it by controlling a large number of nodes which gives them the ability to track most traffic. Or at least that is what I've heard. I'm sure they've also exploited zero days to hack site databases and shit.

Very.

Btw, we need a proper security thread.

Tor should go first, no? That way VPN wouldn't know anything about you (provided you pay for it anonymously).

No, vpn should go first. If you really really paranoid you should pay for the vpn with buttcoins, only connect via public wifi, and boot off a livecd. Of course there are also hardware security concerns, but that's a bit more a pain in the ass to deal with.

If VPN goes first then it knows your real IP. There is no need to pay anonymously at this point.

Here's how it's vulnerable:
-allows bad OPSEC. people use TOR browser and think they're invincible, go browsing around with Javascript and Flash enabled. Get hacked.
-everyone knows you're using TOR. Sure, they don't know what site you're visiting, but if you access TOR on your home connection or via some other identifiable method, you stick out like a sore thumb.
-thumbprinting. People can be identified by their language, typing patterns, mouse movement, browser addons, etc. etc.

So why is the US government funding TOR? Simple: some parts of the state (IE the CIA crowd) support foreign regime change. They think TOR is a useful tool for their regime change efforts. They don't care about drugs or CP, that's the job of the FBI and the ATF.

There's no evidence that TOR is totally compromised, but for the above reasons, you should be very cautious about it.

That depends on if the VPN keeps logs, most claim they don't but I think it's bullshit the best you can hope for is having a VPN in an annoying jurisdiction to get a warrant for.

It is more to prevent your ISP knowing that you are using Tor, plus I have the VPN for torrenting anyway so if they are logging then they know my IP even if I paid with bitcoins.

Connecting to a VPN through Tor will stop the exit node from snooping on you and prevent the VPN from knowing where you are connecting from but you can't torrent over it and your ISP will know you are using Tor.

I've experimented with doing both e.g VPN1->Tor->VPN2 which works well provided you have a fast connection and VPNs.

VPN absolutely goes first. This way you don't show up as a TOR user to your ISP. VPN in → TOR → (optional) VPN out. And yes, public wifi away from cameras or prying eyes is preferred.

: the best security is to STFU! Don't use the internet for sensitive discussion period. Activists should plan and communicate in person and via dead drop.

Is this really important? I mean, use of VPN will be noticeable anyway.

use full disk encryption with a hidden volume, so when the government forces you to give them your password, you give them a different password that only un-encrypts a fake volume with nothing questionable on it
keep your real password

Use of VPNs are more prevalent than Tor as they are also used in a business setting, Tor also has a lot of bad press surrounding it and is harder to track than a VPN which could raise more suspicion.

...

whoops, I hit reply before finishing my post ..
keep your real password on a yubikey or something else secure, it should be long and random enough to be impossible to crack

you can destroy or swallow the yubikey, or put it up your ass to keep them from getting it

in case they do get it, part of your password should be memorized and not on the yubikey

Also I forgot to mention that if you are using only Tor and someone has access to your ISP it is possible to use a traffic correlation attack to deanonymize you easier. They could also do this if they had access to the VPN you use, but it depends who you trust more?

Resources:
securityaffairs.co/wordpress/17489/intelligence/traffic-correlation-vs-anonymity-on-tor.html

deepdotweb.com/2016/10/25/tors-biggest-threat-correlation-attack/

I gave up giving a shit, I hope someone in the NSA is having a laugh

I don't care anymore. I'd masturbate in front of an NSA agent, I just don't like the idea of my phone camera being used because of all the awful angles I must get.

Get my good side faggots

This is all good and well, but when shit hits the fan all those anti porky statements will get you on the list and in the the shooting line quicker than you can rub one out.

make some thermite and attach it to your hard drive, add a bit of magnesium, wire it up to a power source with a button to ignite it, when the feds kick down your door just press the button and your hard drive will melt in seconds

Good, I hope they do

Come and get me fuckers

Most people use Tor browser just to avoid being tracked while they visit the same banal websites (news & entertainment), and I don't see how government agencies could hack these people without taking control of those websites, injecting them with browser exploits or advanced trackers, and ruining their reputation in the process.
People who actually get hacked are visiting honeypots somewhere within the onion network, and I've heard multiple times that they're hard to find even if one would deliberately try to.

Balls of steel

you can bitch and whine all you want but in the end you won't do shit Holla Forums is just filled with neets who whine about 'muh capitalism' and 'muh spooks'

I'm not ignorant of the surveillance state, just too poor, depressed and lazy to do anything about it. My means of protest is to be so fucking miserable that the spooks can't get through building a profile before they kill themselves.

Of course, that joke is based on a misconception as well; there's no government agent profiling me. In reality, no human has, or likely ever will actually touch my profile. My data just gets scraped and archived by machines, never meeting human eyes until the algorithm raises flags, I begin to pose a threat to the establishment, or achieve a position close to someone who does.