So how does tor work?


It's basically just a series of tubes.

get out

google-fu that shit newfag

Enable JavaScript for best speed

Tor directs Internet traffic through an overlay network consisting of 7000+ relays to conceal your location and usage from (((anyone))) conducting network surveillance or traffic analysis

Yes, unless some entity could gain access to a large enough pool of entrance and exit nodes to do traffic analysis . . .

Can I get Tor on my phone? Does it include VPN?

Use Jewgle you lazy fat americunt

bare ip is always safer

it works like snake oil

Doesn't exist you idiot.


So Tor doesn't include VPN. No point in me using it then.

are you fucking retarded?

friend, it's either bait or retardation. take your pick

Basically, it gives you the illusion of anonymity while the NSA laugh at how much of your info they have.

It runs through the NSA cloud

wtf i love tor posting now

Tor allows you to download swimsuit and gymnastics videos of very young girls from YouTube with absolute anonymity.


FBIniggers will never know

If that's all Tor is good for, it's kind of lame. Where's all the kickass cyberpunk underground stuff at?

it really is a honey pot

This is a myth no pedo has ever been v& and Tor is 100% safe

t.NSA

The Silk Road disagrees with you

...

...

Magic, duh.

you incompetent nigger like 80% of tor exit nodes are owned by the nsa

unless you build your own cpu from scratch or are okay with 90's speed you're gambling. software doesn't matter much anymore. not to lel blackpill, it's important to know that if you're online on a computer you're statistically fucked.

doesn't matter who runs the exit nodes as long as they don't control all nodes of a connection you are fine, just don't send personal information over it

quit trolling faggot

DPR was retarded tbh. He used his own personal email to register and pay for the SK server. That's how he got caught

Source?

Nah. I'm pretty sure there's no point in using Tor since it doesn't include VPN protection.

How is it safe and am I able to download Tor on my phone?

torproject.org/about/overview.html.en


In the Snowden leaks, it was revealed that the NSA found Tor surveillance very difficult. If you have evidence that's no longer the case, post it.


The Silk Road was brought down by bad opsec by Ulbricht.


Tor is available as Orbot on Android. I don't know about iOS.

there's alternatives without the mass of bullshit. claim glow in the dark op all you want, 000000

Your posts read like they're the result of a madlib or a Markov-chain generator. They border on nonsense.

how about the fact is was created by them

The NSA did not create Tor.

pretty sure it was the Navy that created Tor, user

does tor grammar check?

You're really hung up on this whole phone ordeal.

>and to top it all off, he kept a fucking diary with detailed descriptions on how he set up the site, along with detailed accounting information
Ross wasn't caught because Tor is broken. He was caught because he's a fucking idiot.

Just like these two faggots.

Well, he done fucked up at the first hurdle.

All I see is two healthy young men jailed for no reason. Jailing people for no reason is a sign of mental retardism.

Or a retarded justice system.

They fugged a 4 year old and ran two of the largest cp related forums on the deepweb. They got fugged because of their opsec and LEA, in this case Argos used their kike magic again.

They were jailed for their own stupidity and delusions thinking they were safe because of their backgrounds.

Rip another Marabro though.

pretty disgusting, even by pedo standards

...

...

this thread was 4 people shitting on each other why is Holla Forums like this

this

tor works best with javascript running

1/2 true, unironically

it's best when you are looking at CP, javascript makes pictures load faster and increases your download rate

based JavaScript tbh

Using Tor with a VPN is pointless. Using Tor is pointless. It's just shit, because it's compromised.

any good links no bullshit?

OK trolling aside.
* Tor works by encrypting traffic and routing it through multiple nodes (other users) then out an exit node
* It can be used both to access normal websites and special hidden sites with .onion addresses (e.g. drug marketplaces)
* It means your ISP can't see what you're doing, and the website you connect to can't normally see your IP address - which frustrates low-end data gathering and surveillance
* There's a limited number of exit nodes and some of them are compromised
* This shouldn't matter unless a significant number of nodes along the way are also compromised (in which case the clearnet signal between the exit and the website can be traced back to your IP)
* Tor is not a VPN; it's possible to use Tor and a VPN at the same time, but I've heard it's difficult to do this securely
* VPNs often also use onion routing and multiple users per IP to make traffic invisible, some also encrypt traffic between you and the VPN, but they're more vulnerable because you're trusting them not to keep logs (assuming it's a no-logs VPN)
* The Lavabit case suggests the NSA can use secret courts to force a VPN to do this
* One LulzSec member was caught because he was relying on a "No Logs" VPN which snitched
* Traffic between the exit node and the destination site (unless it's a hidden site) is NOT encrypted
* Tor was initially part-funded by the US Navy and DARPA, the defense research establishment, because of its usefulness for hiding sensitive military web traffic (DARPA fund lots and lots of cyber-research)
* Snowden recommended using Tor
* a secret presentation leaked by Snowden, "Tor sucks", suggests NSA will never be able to decrypt all Tor traffic
* State agencies such as Britain's GCHQ use Tor for their own spywork, suggesting they believe it's strong
* Dread Pirate Roberts was not caught by using Tor, he was caught by opsec errors as explained above
* Tor was once compromised using a vulnerability in Firefox (which is the basis for Tor Browser) which has since been fixed
* Researchers demonstrated another vulnerability which can deanonymise traffic by flooding the network with malicious nodes; this has also been fixed
* The NSA stores all *past* encrypted traffic for future decrypting. Will quantum computing expose darknet users decades later? Probably not (it doesn't weaken traffic encryption much), but it's a worry
* All software may or may not have other bugs which are not known or have not been fixed; we don't know if the NSA know any of these bugs (but probably not, since they'd catch a much higher portion of "bad guys"… unless they're *deliberately* not raiding so as to keep quiet)
* For psyops/PR reasons, LEOs publicise successes greatly and spew "nowhere to hide" rhetoric, but quietly conceal dead-ends
* Some countries, such as Russia, will rarely cooperate with western LEOs; it's generally accepted that it's safe to hack from Russia as long as you leave Russian sites alone
* There's published research of all publicly recorded arrests for using DNM here: gwern.net/DNM-arrests, the numbers seem very low if Tor is compromised (considering there are over 100,000 users, see theguardian.com/society/datablog/2015/jun/08/global-drug-survey-2015-buy-online-darknet-silk-road). Common threads in these cases are 1) agents posing as sellers (common in weapons cases), 2) drugs intercepted at international borders, and 3) sellers being busted and feds going through their address book.
* A great many hackers are caught because of bad opsec and not bad tech (see thegrugq's Opsec for Hackers)
* These often involve undercover agents or "turned" hackers (e.g. Sabu, Lamo)

what means 'good' here?

continued
* Freedom Hosting was shut down because it was run using a virtual private server which connected to a home IP over clearnet
* High-end cybercrime users are at risk of detection from network use patterns since they have to use Tor very heavily
* Inbuilt software such as Flash and Java might bypass Tor even if run in Tor Browser
* LEOs have been known to seize darknet sites and keep them running so as to seek to compromise users. Remember this when using in-site features such as DNM "encrypt"
* Downloaded items (PDFs, docs, videos etc) may also contain malicious content which "phone home" outside of Tor (this was used to detect around 100 pedos from a compromised darknet site). Security experts suggest opening such items offline, ideally on another device which never goes online
* Tor does not protect any information you voluntarily give out, or which is known by a site you're logging into (e.g. Facebook)
* Tor does not protect from surveillance techniques based on observable patterns such as regular use and keystrokes (one pedo was caught by using the word "hiyas")
* Tor users can be deanonymised by correlating encrypted with unencrypted activities
* Tor also does not protect against threats such as rootkits and keyloggers, although TAILS does to some degree
* Unless you use a bridge, your ISP and therefore the NSA knows you're using Tor. The NSA is also trying to find out who's using bridges. This is a long list and not much use to the NSA; but experts recommend using Tor for ALL web use or not at all, since otherwise, times of illegal activity will be clearly identifiable
* Sometimes the fact that someone's using Tor at a certain place and time is enough to prove "guilt" (e.g. bomb hoax case)
* It is almost impossible to torrent over Tor (Tribler has a Tor-like structure but turns you into an exit node)

So as far as we know, Tor is not compromised - if it was, then LEOs would be far more effective - but it only protects against certain types of threats and users need to be aware of these.
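As an added illustration (not code from this thread or from the Tor Project), here is a simplified model of the layered encryption summarised in the list above, showing what each relay on a three-hop path can observe. Relay names, keys, the client and destination strings and the SHA-256 keystream are assumptions made for the example; real Tor negotiates a key with each hop and uses fixed-size cells and AES, and this toy has no integrity protection.

```python
import hashlib
import json
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode. Toy stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt one layer (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def wrap(route, destination: str, payload: bytes):
    """Client side: build the onion from the inside out.

    route is [(relay_name, shared_key), ...] in path order, guard first.
    Returns (first_hop_name, onion_bytes).
    """
    next_hop, blob = destination, payload
    for name, key in reversed(route):
        nonce = os.urandom(16)
        inner = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = nonce + xor_layer(key, nonce, inner)
        next_hop = name
    return next_hop, blob

def peel(key: bytes, blob: bytes):
    """Relay side: remove exactly one layer with this relay's key."""
    nonce, body = blob[:16], blob[16:]
    layer = json.loads(xor_layer(key, nonce, body))
    return layer["next"], bytes.fromhex(layer["data"])

def can_peel(key: bytes, blob: bytes) -> bool:
    """True if this key opens the outermost layer of blob."""
    try:
        peel(key, blob)
        return True
    except (ValueError, KeyError, TypeError):
        return False

def relay_views(client: str, route, destination: str, payload: bytes):
    """Pass the onion along the path and record what each relay can observe."""
    hop, blob = wrap(route, destination, payload)
    prev, views = client, []
    for name, key in route:
        if hop != name:
            raise RuntimeError("onion routed to unexpected relay")
        nxt, blob = peel(key, blob)
        views.append({"relay": name, "sees_from": prev, "forwards_to": nxt,
                      "sees_plaintext": blob == payload})
        prev, hop = name, nxt
    return views, blob

# Constructed sample values: relay names, keys, client and destination are made up.
ROUTE = [("guard", b"G" * 16), ("middle", b"M" * 16), ("exit", b"E" * 16)]

if __name__ == "__main__":
    views, delivered = relay_views("client-ip", ROUTE, "example.com:80",
                                   b"GET / HTTP/1.1")
    for v in views:
        print(v)
    print("delivered to destination:", delivered)
```

The exit's view shows why the list says traffic from the exit to a non-hidden destination is not encrypted by Tor: the exit holds the plaintext request but knows only the middle relay as its source, while the guard knows the client but sees neither the destination nor the content.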

t. FBI

Got any proof of that?

tor is shit runs like shit why use it.
tried it like ages ago took forever to load pages can't imagine trying to download anything thru it.

Actually, quantum computers will break Tor completely. Tor uses AES-128 for symmetric encryption, which is susceptible to Grover's algorithm, which cuts the effective key length in half. So this would reduce AES-128 to effectively 64 bits of security – about equal to DES, which was considered broken in the mid 1980s. That's not feasible to break with a PC (a computer running the latest i7 would take ~12,000 years on average to brute force the key), but that's mostly because such a PC only has 8-12 cores and two threads per core, limiting parallel calculations (brute forcing a key is extremely easy to parallelize). A large distributed computer could perform a 64 bit key lookup in perhaps a few hours at most.

All of this is pointless, however, because Tor uses Ed25519 for asymmetric cryptography (to encrypt the connection while the session key is being transferred). Ed25519 is based on the fact that finding the discrete logarithm of a large number is difficult to do, which is the case for normal computers. But a quantum computer can run Shor's algorithm, which is capable of finding the discrete log of a large number in polynomial time (in other words, the time required to perform the operation increases in a linear or quadratic fashion as the key size increases, instead of exponentially). This means that given a Tor relay's public Ed25519 key (which must be publicly known to connect to the relay – it's published in the relay descriptor), a quantum computer will be able to trivially calculate the relay's private key. Using this, it would be able to decrypt the key exchange and simply read the session key as it is negotiated (Tor uses a Diffie Hellman key exchange to transfer the key, which is technically safe even if the exchange is unencrypted, but the exchange is also broken by Shor's algorithm, which will allow the key to be determined). Using the session key, it can then decrypt all the rest of the traffic. It could also impersonate the Tor relay and MITM your connection, or modify your traffic before passing it along without you being able to know that it had been modified.

This isn't just a Tor problem. All asymmetric cryptography in use today is vulnerable to Shor's algorithm or a derivative of Shor's algorithm. RSA, ElGamal, Ed25519 (and all other elliptic curves), etc. All the cryptography used in everything from HTTPS to SSH to VPNs to Tor will be trivially broken as soon as quantum computers become a thing.

I know, right? I got dial-up internet back in 1996, and it was so damn slow. Swore off the internet forever after that. Everyone knows that things never improve or change, but stay exactly the same forever.

Long after I'm dead. They can't van me if I'm dead.

Hey fellow Tor bro.

Tor devs have already been working on NEWHOPE, a post-quantum-secure key exchange protocol. It's true that a quantum computer capable of running Grover's and Shor's algorithms efficiently will weaken symmetric crypto and utterly break crypto based on integer factorization, the discrete log problem, and elliptic curves, but Tor can be changed to protect against that.

Of course, that's not much consolation re: the stored communications that the NSA, GCHQ, and other entities have slurped up and stored, but as you pointed out, that will affect everything that uses today's crypto standards. Your TLS sessions with your bank, your email provider, PGP-encrypted email, etc.

If you're relying solely on some random Tor nodes you deserve to get fucked, at least the first hop should be something more trustworthy like a vpn.

Maybe. Or maybe the NSA will develop a practical quantum computer in the next decade or two. We already have public working quantum computers (IBM made theirs accessible over the internet; you can run your own programs on it). They just aren't big enough yet to break any real keys. The largest working quantum computer is 49 qubits. Running Shor's algorithm requires a quantum computer with two times as many qubits as the number of bits in the key. So a 2048-bit RSA key will require a 4096 qubit quantum computer. That may seem like a lot, but if quantum computers have a breakthrough like standard computers did in the 1980s and 90s, that 1000x increase could only take a few years to develop. Consider that CPU speeds went from 20 MHz in 1993 to over 2000 MHz by 2000.

It is entirely possible that we could have quantum computers capable of breaking all cryptography in use today in the next twenty years. Or, it may take decades more. There's just no way to tell.

Also of note is that Tor used 1024-bit RSA for asymmetric crypto up until 2014. This is likely within the NSA's ability to decrypt today, without needing a quantum computer. So if they stored some traffic and have decided to start decrypting suspicious traffic (i.e. all connections that took place around the time of someone posting something they're interested in), they could do it.

Sup.

And, yeah, unless the spooks are way ahead of everyone else on quantum computer development, it's going to be decades before the cryptocalypse. I do plan to be alive that long, but I've never done anything over Tor that law enforcement would care much about, and the statute of limitations for pretty much everything but murder will have long since expired.

We can only hope.
Fuck. I can't say the same.

SHITSHITSHITSHIT

Good thread btw guys and the posts were surprisingly very insightful. Thanks guys.

Have to be a degenerate somewhere else now. Have a nice day/night everyone.

Don't lose hope. All it takes is a few angry niggers to raid the spooks and burn the backups. Unless of course the spooks live in a bunker, and the backups are backuped in China.

The NSA data storage facility in Utah is probably quite secure. They wouldn't send backups to a non-FVEY country, but GCHQ may very well have one.

I'm not sure a VPN is more trustworthy than a Tor relay for anonymity purposes. They're definitely logging information about your traffic when you use them, and if they're given a subpoena, they will provide the information to law enforcement.


The good news is that the NSA probably can't store all Tor traffic indefinitely. Tor consistently handles about 100 Gbit/s. That's about 385,000 terabytes in a single year, or almost 100,000 4TB hard drives. When you consider that the NSA likely collects and stores a lot of normal internet traffic as well, and that they probably also devote some data center space to computers for factoring crypto, I doubt they'll devote that kind of space to storing all Tor traffic. They probably keep all Tor traffic they can collect for some length of time, maybe a few months to a year, and after that they just keep "suspicious" traffic, like traffic that occurred around the same time as some event.

This post right here is why shitposting is the superior form of communication on the chans. All user has to do is to "be wrong on the internet" and the truth will come flowing like a stream of water down a hillside.

good thing my vpn is based in panama and run by alleged neonazis. I love not being an amerimutt

lang lebe der fuhrer

Does your VPN have any servers in America, or any American client states (Canada, Australia, or Western/Central Europe)? Is your VPN incorporated in any of the above countries? Does the VPN have a large number of customers from the above countries? Does a substantial portion of its traffic cross routers in the above countries (almost certainly the case, as the majority of internet traffic passes through America, not to mention Europe, Canada, Australia, etc). If so, it doesn't matter if the organization is officially located in Panama; it's still subject to American pressure.

Also, that's not counting the fact that the NSA's tailored access operations operates CNE implants on thousands of servers around the entire world.

So yes, the entire world is American jurisdiction, as far as the NSA is concerned.

Also, there's the fact that traffic analysis against VPNs is trivial. So they don't even have to have access to the VPN. They just need to record traffic going into and out of it (easy given the fact that the NSA has tapped the world's undersea fiber cables) and correlate your traffic.

Basically if LEA want your shit then they can get it from your VPN provider in a heartbeat.

inb4 but n-no logs VPN

Well they get paid for it, and if they aren't required by any law to keep logs, why should they do that and potentially ruin their own business? The VPN could be a honeypot, but the cost of running a VPN service is much much higher than setting up Tor nodes, so I'd argue that the chance of picking a malicious Tor node is far more likely.

But why wouldn't you just get a VPS and set up your own VPN?
Fucking normies.

what is happening in this image and why is it blurred?

They probably store all Tor Traffic they can get their hands on. Due to the decentralized structure that would be only a fraction of the overall traffic.

you do know what plausible deniability is? Until they have it black on white from a provider that it was you who pirated a dvd (with connection data), they can only accuse you of a crime. As long as you do not admit anything, they cannot prove it was you who did it. If you have a good lawyer, you will be out of jail in no time provided your PC is encrypted and you do not use 1234 as your password. This is why your "traffic in and out" is only good in theory. It could be anyone else who had the same pattern.

If the VPN company is based in Bumfuckistan, then they are not legally bound to kiss USGOV ass. They legally only have to comply with Bumfuckistan law. Why would they hand out data to the US? What will USgov do if they don't? Send drones to bomb them? This is why the best VPN companies are all based in meme countries like panama, belize, switzerland or hong kong. They only have to follow local court orders and even if a local court would bully them into complying, what would they hand out to the US gov anyways when they don't log unnecessary data? Then also what happens when your company is based in seychelles but the server used for crime is in russkyland? Seychelles will likely not ask you for logfiles for a crime that was not committed on their soil. Russkyland never gave a shit about what the US wants either.

Anyways, VPN is only for protecting against MAFIA anyways, so if you are a pedofag you better use a combination of VPN and TOR to make sure you are behind 7 boxxies.

please stop posting child abuse victims

They probably don't keep logs in the sense that they don't store detailed information about who is connecting to what when on their own servers. But there are several instances where a VPN would have to keep logs.

Does your VPN limit your data or charge you based on how much bandwidth you use? In that case, they have to keep logs that at least show when you log on, when you log off, and every connection you make in between so they know how much data you're using.

Does your VPN limit the number of devices you're allowed to use at once? If so, they have to log information about when and how you log on and when you log off.

Then there's basic network security. Any VPN will have to log information regarding which IPs are connected at any given time and how much data they're sending and what kind of data they're sending (in terms of what kind of TCP packets – are they sending a lot of SYNs or opening a bunch of half-open connections?) just to prevent their servers from being DDOS'd.

Then there's the prospect that they're selling information about your browsing habits to advertising companies for extra revenue. Any free VPN is certainly doing this, but the fact that you pay for the VPN doesn't prove that they're not still selling your information. It's entirely possible that your VPN provider will sell your information just for extra shekels. They wouldn't even have to go against their official "no logs" policy to do this – after all, they're not taking or storing the logs themselves. They're just sending the information to a third party company, which is doing all the logging on their behalf. They might not even know the details about what logging is going on in particular. So they're technically not even lying.

At the end of the day, the only way to know for sure that your VPN provider isn't logging everything you do is if you're the one who set up and currently maintains the servers they use. Your VPN may very well not record any logs. Or they could be recording everything. You simply have no way of knowing, and in the absence of any evidence, I would suggest not trusting them on their word. IIRC some UK pedo that used an "offshore VPN that doesn't keep logs" instead of Tor was caught after said VPN provided the logs they didn't officially keep to the police that they officially said they'd never cooperate with.


An excuse to get a search warrant to establish evidence.

Except traffic analysis attacks against VPNs have sub-1% false positive rates.

Unless they have servers in the US, in which case America will threaten to shut them down, and the company will bend over backwards to appease the US so their business doesn't get shut down. Or if they have servers in any American client nations (UK, Canada, Australia, New Zealand, and every country in Western Europe), which America can apply pressure on to cause those nations to in turn apply pressure to the VPN to provide the information to the US or have their servers shut down. Or if the majority of the VPN's traffic goes through America (again, very likely), in which case America can threaten to drop all traffic coming from that VPN's IP unless they comply.

Then there's the human element. Does anyone working for the VPN have any family in America (or any American client states), or have any intention of traveling to America (or any American client states) on work or vacation at any point in the future? If so, America can threaten to arrest them the moment they step foot in the country. So unless they want to spend the rest of their lives never being able to step foot in America, Western Europe, Canada, Australia, or New Zealand ever again, they're going to comply.

And what about if anyone working for the VPN provider has any bank accounts in America, Western Europe, Canada, Australia, or New Zealand? If so, they can kiss goodbye to that money once their accounts are frozen.

You have no damn clue what you're talking about. There are so many ways for America to apply pressure to "offshore" VPN providers. And make no mistake, they will cave. You're nothing to them but a monthly subscriber. They don't give a shit about you aside from the shekels you throw them. Do you really think they're going to risk that kind of damage to their business or their lives for some customer paying them $9.99 a month?

No
No
But even if they did, this information is only temporarily required, so if they come weeks, months or even years later and ask for that data it would be long gone. This is even more true for currently open connections, at this point it gets kind of absurd, what I meant is storing information over long term.

I totally agree that you can never be sure, even if you run your own VPN the Datacenter around it can be compromised.

stop using VPNs from certain countries. stick with countries that have no or minimal connections to the USA

Ideally, yes. However, if the people running the VPN are lazy, they could have the logs set to rotate when a pre-defined size was reached. So the servers could just be storing logs until the total size of all the logs hits some value, at which point the oldest logs are deleted as new logs are generated.

It would be much better to have a script set up to delete all logs older than a few hours or a day or so. That would give the VPN providers enough time to act on the information. But that's effort, and I've seen too many cases of lazy systems administrators making poor decisions to ever fully trust that anyone is running their VPN servers in the ideal manner.

At least with Tor you've got three hops, so all three have to be storing logs, and the FBI has to get to all three of them before the logs are gone on any one of them, in order to trivially deanonymize you. And since Tor repeats traffic instead of tunneling it, it isn't vulnerable to TCP or IP packet leaks, and since Tor splits traffic into 512 byte chunks it's far more difficult to perform traffic confirmation. Then there's the fact that Tor has many more users than most VPNs, rendering traffic confirmation less effective. For a traffic confirmation attack with a 0.5% false positive rate, an adversary would have to sift through ~12,500 possible Tor connections to try to find the "real" circuit he was looking for, as opposed to just five connections on even a busy VPN with 1000 concurrent users.

So if you're doing anything you really don't want anyone to know about, use Tor. You can use a VPN before Tor if you want, but using a VPN instead of Tor is a bad idea. Using a VPN after Tor is also a bad idea, since it gives you a permanent exit node and allows them to correlate all traffic you send as being from the same person, whereas with Tor you get a new exit every ten minutes. Also, if you pay for the VPN all they have to do is use your payment information to deanonymize you, which is possible even with tumbled bitcoin (even if the tumbler is legitimate).

tor is based

t. FBI

Jews hates TOR

It's not just servers, it's the company itself.

For example, say you connect to a VPN that is outside of the 14 eyes, but the company that hosts the VPN servers is in a 14 eyes country. There is also the issue with the VPN's host ISP.

But being honest with you, you shouldn't be worried about what the VPN host sees as much as you should be worried about your own ISP, so it's better to have a VPN than not to have one at all, you're being spied on one way or another.

Your best bet is to use someone else's internet, on a VPN, and up your OPSEC physically, heavily.

t. opsec specialist

based

It's common sense, user

Dysnomia, unban Mr. Faggot. Pretty please!