...
I always read about how people get caught when they are the only ones using tor on a network
Landon Cruz
Wyatt Wright
My sweet summer child, how come you don't understand anti-terrorism at all? Using TOR is a crime against the commonwealth and mother england.
Nathan Phillips
They do, but you can use a throwaway computer to make a copy of the database and then transfer the info to (insert device here).
This is why tor is decentralised. You can set up your own intranet over ipv4/6 via tor OBFS bridges looking like https traffic. But you only get access to your friends via it. Not the world outside the bridges. So you could still share videos, images, and text. But you couldn't access anyones network outside of that privately shared bridge circle.
Just download the source code for IPFS + the latest tor + GNUnet and you are golden. You can then port it to whatever device you want that has a glibc library. Or just compile and use it on x86 bad idea btw..
Brayden Martin
That sounds dull and dismal tbh
William Cox
You're wrong. There is no such law.
Thomas Nguyen
...
Camden Ross
post the best darkweb links niggers
Jayden Ramirez
Having "friends" has always been considered haram.
Jaxon Butler
I'm sorry... what exactly are you trying to achieve with that? When you connect to an obfuscated bridge, the NSA will still know that you're connecting to Tor.
The reason bridge traffic can't be singled out as Tor traffic is because the bridges aren't listed in the public Tor directory. Obfuscated bridges also protect against DPI, but if the bridge's IP is determined to be part of the Tor network, DPI is a moot point, since the NSA can determine the connection is to a Tor bridge regardless of the contents of the traffic.
However, there has to be a list of bridges somewhere and there has to be a way for anyone to get at least some subset of that list of bridges, or else it would be impossible for people to actually use them. So the Tor directory does actually have a list of Tor bridge nodes, it's just that this list is not public -- you have to either get a set of bridges from the Tor website or email them for a set of bridges.
This means that the NSA (or even a particularly motivated private company, such as Bluecoat) could get a list of all Tor bridges, either by compromising the Tor directory servers (which the NSA could conceivably do), or by requesting a set of bridges over and over again until they got all the bridges in the list (which either the NSA or a private company, or even an individual, could do).
There isn't really any way to prevent this entirely. You can harden the server containing the bridge database, but there will still be a nonzero chance it could be compromised. You can't just get rid of the database entirely, or else you wouldn't be able to actually give out bridge addresses. And you can't prevent a sufficiently motivated attacker from exhausting the bridge database with repeated requests. Sure, you can make it non-trivial to get the whole database by requiring the user to enter a captcha every time they want bridges (to prevent someone from just writing a bot to do it) or by refusing to give more than a certain number of bridges to a single IP address, but it would be trivial for the NSA or Bluecoat to just hire a few people to manually request thousands of new bridges from a variety of proxies, VPNs, Tor connections, etc.
You can't exactly require identification to get bridges, since the NSA could still get around that (and much easier than anyone else) by creating fake IDs, and because it would sort of defeat the point of Tor to require personal identification to use it, and particularly so to use a feature designed to protect people using Tor in countries where doing so is dangerous.
An attacker might not get the whole list, since there will be some churn and the bridge selection for each new request is random (so there's a nonzero chance that you just won't be given one or two bridges), but you could probably get a list of, say, 90% of the Tor bridges operating at any given time. And once you've got the list, you can trivially determine that bridge users are connecting to a Tor bridge, and therefore to the Tor network, just by querying all connections to the list of bridge IPs you got. Even obfuscated bridges are broken, because you don't need to analyze the protocol to determine that it is a Tor connection. You just need to match up IPs.
Brody Price
Hence what I said here
Make your own private tor network using bridges alone with obfs. That way all the traffic is https look alikes but doesn't compromise your IP if you don't add it to the directory. Everything else you said is correct though.
What needs to be dealt with next is connection padding so that the stream of encrypted bytes from obfs to another obfs server has a consistent size similar to other https traffic so that deep packet inspectors can't see anything.