I always read about how people get caught when they are the only ones using tor on a network

I always read about how people get caught when they are the only ones using tor on a network.

I have a isp provided router. Should I bother using tor ?

Other urls found in this thread:

torproject.org/docs/faq
whonix.org/wiki/DoNot)
blog.torproject.org/tor-browser-709-released
twitter.com/NSFWRedditImage

You shouldn't use Tor, for the sole reason you don't understand what you said in your post.

where did you read this? i remember one school student story who admitted a crime

if you want to do bad things then gtfo, and no, you shouldn't bother using tor

t-thanks..

on imageboards and yes that is the only case I can recall now regarding this issue I have. I am misinformed regarding that ? Was it a timing atack ?

I know about pluggable transports. I'm talking about just plain old tor bundle.

Unless you try to install Tor on ISP router, you should.
There is nothing wrong with using it, don't listen to faggot politicians. It depends on country where you live, but I'd suggest using bridges or pluggable transports to avoid automatic DPI and censorship laws. In fact, you can even post here, on Holla Forums through Tor like all l33t hackers do. Go to oxwugzccvk3dk6tj.onion (or click link in top row when using Tor Browser)

Don't do stupid shit (those people did), read the manual first (torproject.org/docs/faq whonix.org/wiki/DoNot) and don't be a pussy.

No the guy was the only person using tor on a university network which happened to be the university he made the bomb threat at. They did some email sleuthing to confirm he must have been the culprit.

People get caught because of bad opsec or because of browser vulnerabilities that could be avoided by turning the security slider all the way up.
And just to be clear - if you're not actually using it for anything illegal, then there's nothing to get caught for, and you're also safe. Using Tor for otherwise legal purposes is completely and unquestionably legal, and it's easy to tell that you are using Tor, just not what you're doing with it.

Nobody gets caught for using tor, they get caught for doing stupid shit when using tor.

Not if you use obfs4 and TOR bridges.

...

...

My sweet summer child, how come you don't understand anti-terrorism at all? Using TOR is a crime against the commonwealth and mother england.

They do, but you can use a throwaway computer to make a copy of the database and then transfer the info to (insert device here).

This is why tor is decentralised. You can set up your own intranet over ipv4/6 via tor OBFS bridges looking like https traffic. But you only get access to your friends via it. Not the world outside the bridges. So you could still share videos, images, and text. But you couldn't access anyones network outside of that privately shared bridge circle.

Just download the source code for IPFS + the latest tor + GNUnet and you are golden. You can then port it to whatever device you want that has a glibc library. Or just compile and use it on x86 bad idea btw..

That sounds dull and dismal tbh

You're wrong. There is no such law.

...

post the best darkweb links niggers

Having "friends" has always been considered haram.

I'm sorry... what exactly are you trying to achieve with that? When you connect to an obfuscated bridge, the NSA will still know that you're connecting to Tor.

The reason bridge traffic can't be singled out as Tor traffic is because the bridges aren't listed in the public Tor directory. Obfuscated bridges also protect against DPI, but if the bridge's IP is determined to be part of the Tor network, DPI is a moot point, since the NSA can determine the connection is to a Tor bridge regardless of the contents of the traffic.

However, there has to be a list of bridges somewhere and there has to be a way for anyone to get at least some subset of that list of bridges, or else it would be impossible for people to actually use them. So the Tor directory does actually have a list of Tor bridge nodes, it's just that this list is not public -- you have to either get a set of bridges from the Tor website or email them for a set of bridges.

This means that the NSA (or even a particularly motivated private company, such as Bluecoat) could get a list of all Tor bridges, either by compromising the Tor directory servers (which the NSA could conceivably do), or by requesting a set of bridges over and over again until they got all the bridges in the list (which either the NSA or a private company, or even an individual, could do).

There isn't really any way to prevent this entirely. You can harden the server containing the bridge database, but there will still be a nonzero chance it could be compromised. You can't just get rid of the database entirely, or else you wouldn't be able to actually give out bridge addresses. And you can't prevent a sufficiently motivated attacker from exhausting the bridge database with repeated requests. Sure, you can make it non-trivial to get the whole database by requiring the user to enter a captcha every time they want bridges (to prevent someone from just writing a bot to do it) or by refusing to give more than a certain number of bridges to a single IP address, but it would be trivial for the NSA or Bluecoat to just hire a few people to manually request thousands of new bridges from a variety of proxies, VPNs, Tor connections, etc.

You can't exactly require identification to get bridges, since the NSA could still get around that (and much easier than anyone else) by creating fake IDs, and because it would sort of defeat the point of Tor to require personal identification to use it, and particularly so to use a feature designed to protect people using Tor in countries where doing so is dangerous.

An attacker might not get the whole list, since there will be some churn and the bridge selection for each new request is random (so there's a nonzero chance that you just won't be given one or two bridges), but you could probably get a list of, say, 90% of the Tor bridges operating at any given time. And once you've got the list, you can trivially determine that bridge users are connecting to a Tor bridge, and therefore to the Tor network, just by querying all connections to the list of bridge IPs you got. Even obfuscated bridges are broken, because you don't need to analyze the protocol to determine that it is a Tor connection. You just need to match up IPs.

Hence what I said here
Make your own private tor network using bridges alone with obfs. That way all the traffic is https look alikes but doesn't compromise your IP if you don't add it to the directory. Everything else you said is correct though.

What needs to be dealt with next is connection padding so that the stream of encrypted bytes from obfs to another obfs server has a consistent size similar to other https traffic so that deep packet inspectors can't see anything.

Tor works well for a variety of legitimate uses. For instance, people who used Tor (or a VPN) for the last decade weren't vulnerable to the KRACK exploit. If you don't want your ISP to know you're using Tor, just use a VPN at the same time. No matter what order you start them in, Tor will be wrapped inside the VPN by default. Your ISP or anyone else watching traffic leave your device can only see that you're using a VPN. The VPN operator can only see that you're using Tor. Assuming you're using TLS, the Tor exit node operatore can't read your traffic. The remote site you're connecting to will see the IP address of the Tor exit node.
The operator of a wifi cafe/hotspot is in the same position as an ISP. He sees VPN (or Tor) traffic, and that's it. Likewise, the Skiddy in the corner (or your next door neighbor) running kismet gets nothing.
Just remember to always use TLS with Tor or a VPN so the exit node operator can't read your traffic. And even then, the Tor guy doesn't know where it came from, which is more than you can say about a VPN.

tl;dr, use Tor and or a VPN. It works fine. Ignore Agent FUD's incessant lying.

If Tor didn't work he wouldn't constantly be telling you not to use it.

But what's the use of Tor if you can only talk to people you not only already know, but who are similarly inclined towards privacy and who are willing to go to those lengths to set up a private Tor network? You might as well just communicate through images sent as email attachments with information concealed in the image by steganography. You wouldn't have any chance of being discovered to be using a "suspicious" anonymity network then, and since your method also requires all parties to know each other and engage in preparatory steps to communicate, the fact that you'd have to share steganography keys and insert/extract information isn't a downside.

Also, Tor doesn't support obfuscated bridge-to-bridge connections. So you couldn't create a Tor network consisting of only obfuscated bridges. The closest you could get would be using one-hop Tor circuits to your bridge and communicating to each other via hidden services, in which case the traffic from your bridge to the other person's bridge would be normal, identifiable Tor traffic.

Technically, anyone using a site with https wasn't vulnerable to KRACK.

Unless they're performing DPI and they see that you're sending a conspicuously large number of 586 byte packets.

Not if you use two tor instances on different virtual or real machines. One for sending via obfs and another for recieving via obfs. It would be alot of fuckery to set up the port redirection in *nix though.

Well you could make your own distribution bundled with your own TOR networks by default. That way it's like openNIC is to ICAAN's DNS, a competing service network. But unlike openNIC you could actually make the whole distribution it comes on more secure by default. Now normies wouldn't adapt it, but anyone looking for a quick cheat into a private network over the internet would use it. Especially those not technologically inclided but yet privacy minded like journalists.

*obvious CIAnigger intensifies*

There is too much to argue on, but if you want to blend in with the crowd, you'd probably use Tor. Your average Joe, Ivan, Mehmet, Chang knows about Tor because it's free and he can wank to Pornhub while at work/home bypassing firewalls and censorship. VPNS are too cumbersome to pay for, to set up, and so on. Tor just werks.

Sorry, this may be a bit off-topic.
It is not recommended to install add-ons to Tor Browser as you will stand out in the crowd, but as I mostly use it at night, if I change the font size and color and the background color using browser preferences, will it affect my anonymity?

...

Oh jolly, another "TOR IS A CIA NIGGER HONEYPOT" FBI shill thread.

Fuckoff cunts.

You shouldn't unless you know how the web browser works. The font size probably won't change anything, but it might affect css media queries and therefore result in unique fingerprint.

Fuck you FBI
I am watching Full HD loli porn on Tor, no buffering.

"tor being slow" is a bullshit spread by FBI to prevent people from installing and using Tor

And even if someone really had slow Tor, that means their ISP or government is slowing it down on purpose. That's why we need NET NEUTRALITY.

So that means forcing web pages to use a local font with specific color is also not recommended.

lel

Brainlet here, just started usining tor.

Can I get NSAED if I browse youtube with the tor browser, arrive at a video ulr, copy the url in mpv and play it over clearnet ? This counts as being connected over clearnet and tor at the same time right ?

actually he just confessed

Yes, this is why torsocks was invented. Lots of dumb niggers were captured when downloading files they got links to in tor from clearnet because tor is slow duh, because they launched live stream links in windows media player, because they opened pdf or doc files in adobe reader and msoffice that execute scripts and allow connections to remote servers by default.
But you can already be NSAed when browsing youtube, through javascript exploit in firefox.

Poor gookboi used his own password to login into university wifi captive portal and connected to public tor node. All this to avoid a fucking exam.

don't rely on an LD_PRELOAD shim to keep you safe

tl;dr, If you don't know what you're doing, don't expect Tor to keep you safe. If you do know what you're doing, Tor is an excellent tool that does its job well.

If your not 100% sure of what you are doing then you should be booting TAILS.

If you are using MS Windows then you should be booting TAILS.

Tails doesn't isolate Tor and other system on different kernels. Use hardware Whonix gateway + Windows to look like a normie for cia nigger malware exploits..

Or you could just get a user agent switcher and a oscpu switcher and use a firefox derivative on linux and look like you are still using the tor browser with windows like a idiot.

Did you completely skip the
hardware Whonix gateway
on purpose?
Ah, you don't even know what you are talking about, nigger. Tor browser always has Windows user agent.

Holy shit are you stupid? The tor browser has (((unfixed))) javascript parser (((bugs))). If you use icefox or palemoon and change the data it emits to be exactly like the tor browser on windows you are much less likely to get hacked. Especially if (((they))) have developed CSS exploits for the tor browser.

Because then you get attacked as if you were using the default tor browser bundel on windows, instead of a entirely different browser on *nix. Sure you can still use whonix as the desktop/laptop OS. But make sure you fucking secure that router with something that changes the MTU to look like a windows machine.

MTUs are changed on each tor node to generic linux/freebsd, if they have the first one, you are already fucked.

Weak.

If you are accessing tor over a bridge it will look a while lot nicer on that obfs4 connection if your MTU is of windows to your ISP then it would if it were unix based. Especially considering in such a case as all traffic being intercepted and cataloged automatically. If someone is using a windows MTU it won't stand out as much, as say openbsd.

The reason he got caught (assuming I am thinking of the same story) is because he made a bomb threat. Obviously someone making a bomb threat to a specific location is highly likely to be a person who is in the general vacinity of that location. This makes it easy to simply check who is access Tor from that location. Are you planning on announcing a bomb threat to your building or engage in any other localized criminal activity?

...

...

bump for the reference

This release features an important security update to >Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser.

lol blog.torproject.org/tor-browser-709-released

Windows stays winning

I've recently discovered how easy it is to programmatically get a list of all display client titles (window names), and the tor browser displays the active tabs name as the window name

tl;dr Tor Browser is pretty much useless on a computer that runs any form of proprietary software (if your plan is not to hide your identity from site hosts)

If you're a programmer and you try to put yourself in the position of an NSA digital forensics specialist trying to figure out new ways to mass surveil, you will come up with a lot of stuff.

Basically never use tor browser on windows

Windows sends screenshots back to Microsoft. What's the point of this thing you came up with?

Lolis are small, they produce less pixels to compress.

Tor Browser is a normie-tier solution, though. It should be easy to see that it is not suitable for all tasks. If you participate in any activity that may bring attention of any entity that is able to hack it, you will be hacked. You should downgrade to using much simpler protocols and much simpler clients to transfer much simpler data, then.

t. Agent Fud

i was doing that on linux, not windows

Not only is this completely out of scope for Tor, it's something that's obvious.

Unless you use a proper window manager with sandboxing. Or maybe you forbid said proprietary programs to access internet.

GNU/Linux

If you use tor over a VPN then your ISP only knows you are using a VPN and not tor.

And if any of you niggers are on here and not using a VPN by default regardless of whether you are using tor, please kill yourselves.

You rent a router?