Thread replies: 103
Thread images: 10
Thread images: 10
hi /g/
Do you think tor is still safe in 2017? I hear a lot that tor is compromised
>>
>>59240416
As long as you use https, tor, and a bridge you are pretty safe
>>
File: Lolicons do NOT have human rights 02.png (339KB, 814x678px) Image search:
[Google]
339KB, 814x678px
If you're a pedophile you're fucked.
>>
Do you want to expose the crimes committed by agencies like NSA?
Probably not safe
Do you want to buy weed?
Tor is just fine
>>
Use private obfs3/4 bridges
>>
>>59240442
no i'm not
>>
But it is still safer than any vpn?
>>
Does anyone have any links/resources for securing my online privacy?
>>
>>59240927
Common sense.
>>
>>59240927
disable cookies, install no script, use tor, rent a good vpn for example: www.perfect-privacy.com
>>
>>59240927
https://gentoo.org/
>>
>>59241058
Aka be as autistic as possible
>>
>>59241058
use NordVPN instead, any of you cunts want a referral code?
>>
>>59241204
is it safer than tor? Give me the referral code pls.
>>
>>59240416
Tor is safe if and only if you do two things:
a.) Practice proper opsec. Don't talk about your real-life identity, job, hobbies, not even what the weather is like where you live. Keep your anonymous browsing and your other browsing completely, 100% separate.
b.) Disable javascript. No exceptions. This is how all the deanonymization attacks on Tor have worked to date - a browser exploit that needs JS in order to work.
>>59240442
Even when they catch pedos, it's always through poor opsec or JS. Always.
>>59240627
How much do you trust your VPN provider? An untrustworthy provider is worse than nothing.
You can augment your security if you buy VPN service with anonymized bitcoins, and then connect to Tor through it. Which has the added advantage that your ISP won't know you're using Tor.
>>
>>59241242
If I use tails can I keep >javascript. enabled
>>
>>59241239
post disposable email address and I will send it to you
>>
File: 1466856610753.jpg (37KB, 625x415px) Image search:
[Google]
37KB, 625x415px
>>59240416
>still safe in 2017
are you stupid? it never was safe.
Tor is basically an anti-US foreign government overthrow tool.
Tor was never meant to be FBI/NSA-proof tool. It never will be.
If you are doing something that US gov considers illegal, Tor will never be secure. If you are an activist working in some US-unfriendly country, Tor will protect interception but you still might get fucked just because you're using it and that's much harder to hide.
>>
>>59241280
No, you can't, because JS exploits can reveal your clearnet IP. Tails can't hide that.
>>
>>59241239
also ideally you should connect to it with lv-tor1, nl-tor1 or se-tor1 and then use Tor browser. it just makes using Tor more secure.
>>
>>59241308
>considers
and whonix wich have an external gateway?
>>
>>59241292
>If you are doing something that US gov considers illegal, Tor will never be secure
And yet everybody who gets caught via it, even international drug lords they want to make an example of, are caught via social engineering, poor opsec or exploitation of bugs in secondary software.
Really scrambles your eggs.
>>
>>59241308
JS exploits shouldn't work vs tor browser on tails, that only happens with poorly configured browsers and firewalls
>>
>>59241355
Same answer. The operating system has to be connected to a clearnet address and force all traffic into the Tor entry node. Basically you have to protect the OS from an attacker who wants to run malicious code on it, because the OS knows where you really are on the internet. JS is allowing websites to run code on your computer. Browsers are big complicated things with myriad bugs, and more being discovered all the time because they're big targets. Allowing JS to run while you're on Tor is letting the adversary have 80% of a deanonymization exploit against you for free - all they need is a browser vulnerability. No clever contrivance can make this safe, or a good idea, especially since if you're on Tor, you obviously care about your privacy and security, and need to shut every single door that you can. There is simply no way around it.
You MUST disable javascript if you're concerned about being deanonymized.
>>
It isn't compromised, most people who use it are fucking retarded and think it is some tool that magically makes them anonymous online.
Everyone caught either was caught because someone they trusted flipped, they configured their shit poorly, they practiced garbage opsec, or the fell for an idiot trap. I.E people who can't fucking computer.
That said doing stuff illegal online is retarded, if you want to use tor to have more privacy it will just draw suspicion.
>>
>>59240416
I think there is a law where just using Tor constitutes probable cause
>>
>>59240416
Only if you stole an old thinkpad laptop from some old factory, physically severed the webmcam/microphone connection, removed the battery and ran entirely off power, threw the harddrive away and stole a new one, install hardened gentoo and then whoonix in a vm, stole someones car, hide in the boot, le hax into someones wifi, load up 7 proxies in third world countries each running tor use the maximum privacy settings for tor browser then kill the person who owns the wifi, make it look like a suicde, throw the laptop in a furnace, take a boat out into the ocean, tie half a ton of bricks to your body and capsize the boat
>>
>>59240416
>>59241514
Just like a VPN, the weakness is in the endpoint
Disable the Intel management engine, use Coreboot as the BIOS, and use a GNU/Linux distro with FDE using LUKS.
Use a VPN thru a DD-WRT/Tomato router via SSH, DNSSEC only use open source firewalls
And again the issue is that taking all of these security measures just increases your footprint and raises questions, when you say it's to protect your privacy then as a counter-measure the other party would ask what are you doing and social/psych engineer you on your footprint, it goes without saying it's best you don't say anything
All this privacy BS took a bridge too far on the end justifies the means kind of reasoning, sure do your surveillance job but putting everyone in the same basket and then cross-referencing everything is annoying asf when you just want to safeguard your privacy, simple as that. One can protect his own privacy without condoning obscure activities, it's just too much for some officers on a career streak to comprehend
Yeah and TOR was developed by the intelligence community and they opened to populate and scramble their communications initially due to the vulnerable endpoints
>>
>>59241431
>And yet everybody who gets caught via it, even international drug lords they want to make an example of, are caught via social engineering, poor opsec or exploitation of bugs in secondary software.
you're clueless. you should STFU about things you know nothing about.
http://www.reuters.com/article/us-dea-sod-idUSBRE97409R20130805
>>
>>59241514
I throughout enjoyed your shitpost, kudos anon.
>>
We must kill all pedophiles.
>>
>>59241583
>>All this privacy BS took a bridge too far on the end justifies the means kind of reasoning, sure do your surveillance job but putting everyone in the same basket and then cross-referencing everything is annoying
Well the end we're after is to make it impossible for the surveillance people to do their jobs. Because they have not and never will be content with confining themselves to targets that are actually threats when they're able to collect data on everyone indiscriminately. Knowledge is power and power corrupts. The intelligence community poisoned the well, so we need to be working toward a future in which they see nothing.
>>
Its not idiot proof, nothing is
but if you use it correctly its safe
>>
>>59240461
snowden used Tor to expose the NSA. He got far using it and the NSA has little blackmail to hurt him.
>>59240927
https://prism-break.org
https://www.privacytools.io/
>>59241242
Tfw not a pedo but my profile in the state db might make others think otherwise, aka browsing here.
>>59241292
Tor is the best thing for legal citizens to use. It is true the state will think you are purposely hiding from them so sometimes it's better to use a VPN. However, it also helps any state because the military uses Tor too so hurting non-criminals who use it will only hurt themselves. Using it in a dictatorship might raise too many suspicions.
>>59241431
>Really scrambles your eggs.
Nah. Social engineering is the most cost effective way to catch someone.
>>59241509
>I think there is a law where just using Tor constitutes probable cause
That's so messed up. It's in the USA too. Criminals have fake ids and botnets to hide in, Tor is for the average citizen with little ability to avoid consequences of even legal things.
>>
>>59241608
You're the only clueless one here, you tinfoil hat-wearing retard. Hence you linking an article to "prove" your point which actually does nothing of the sort in any way, shape or form.
Be a good lad and fuck off back to /v/, yeah?
>>
>>59241745
that's not tin-foil you mothebreathing retard.
continue using Tor. stupid shitheads like you deserve to be in jail. you're probably some junkie/drug-dealer/pedo scumbag.
>>
If you really need to use Tor, use a device you wouldn't mind disposing of or wiping completely, and for the love of God don't use your home connection.
>>
>>59241242
>You can augment your security if you buy VPN service with anonymized bitcoins, and then connect to Tor through it. Which has the added advantage that your ISP won't know you're using Tor.
This makes the VPN useless. They know you're using a VPN so they go there and know you're using Tor.
>>
>>59241788
>They know you're using a VPN
Maybe, not necessarily. A lot of providers have servers that let you use 443 TCP, so it looks to the ISP just like HTTPS.
>so they go there and know you're using Tor.
How would your ISP know that, even if they know the service you're connected to is a VPN? They can't decrypt the traffic you send and receive. They just see a bunch of gobbledygook to and from some server in whatever datacenter the VPN uses.
>>
https://gist.github.com/joepie91/5a9909939e6ce7d09e29
>>
>>59240416
>I hear a lot that tor is compromised
Memes by tech illiterates.
The simple fact is that you can't compromize Tor. It's not some proprietary program and the way Tor works isn't technically compromisable. Tor is a network.
>>
You can't get in trouble if you're obeying the law. (aka don't order a hitman)
>>
File: HW1q3Q2.png (333KB, 931x554px) Image search:
[Google]
333KB, 931x554px
>>59240416
Scripts are enabled by default in the experimental version (just used it today). That's a major security hole right there. I'd say it's good for hiding from your ISP and for secure communications with friends (which is what I use it for), but if you plan on exchanging illegal images or videos, passing highly sensitive documents to journalists, or hiding something from your government, then I'd recommend staying the fuck away from it.
The best way to exchange sensitive information is in person using an encrypted flash drive. Agree on a passphrase with that person prior to the meeting in a secure location. Always hold the meeting a public place with lots on people around (like a coffee shop).
>>
>>59241870
>the way Tor works isn't technically compromisable
Thanks for the laugh. You're the tech illiterate here.
>>
>>59241870
>networks can't be compromised
Hmmm
>>
>>59241899
>You can't get in trouble if you're obeying the law.
Don't tell me you're naive enough to actually believe that.
>>
>>59241280
>If I use tails can I keep >javascript. enabled
>tails
Tails has more holes than a beehive. You're safer just browsing the fucking clearnet with your Windows XP machine.
>>
>>59242011
i'm surprised porn history "leaks" for character assassination haven't started already
>>
>>59242045
http://securitywatch.pcmag.com/privacy/318419-nsa-s-porn-shaming-strategy
>>
>>59242029
is whonix more secure?
>>
>>59242078
>http://securitywatch.pcmag.com/privacy/318419-nsa-s-porn-shaming-strategy
Good job I'm asexual. NASA BTFOBBQ
>>
>>59242082
By now, probably not. You have to realize that Linux is a fucking shitfest when it comes to security, and "secure" distributions like Tails or Whonix are naturally going to be researched more than your own custom distro.
>>
>>59242082
Yes it is but if you want ultimate security, download and install Qubes. It comes with Whonix already setup by default. It's vastly more secure than even Tails. Tails is really only for hostile environments.
>>
Ok I understand tor is good for protecting your privacy but if you crack into a router or an email acc you get busted buy the cops
>>
>>59242100
>By now, probably not. You have to realize that Linux is a fucking shitfest when it comes to security, and "secure" distributions like Tails or Whonix are naturally going to be researched more than your own custom distro.
There is so much wrong in this post. It reeks of a Windows 10 user talking about security.
>>
>>59240416
>I hear a lot that tor is compromised
tor itself isn't but some exit nodes are compromised as off course people who volunteer to run one are often law enforcement. So as long as you
-only use HTTPS
-never ever enable javascript
-dont be an idiot who reveals his identity by telling people stuff that could identify you
you're totally safe to leak your state classified information and watch your kiddy porn as much as you like
All other stories are memes mostly made up by vpn companies
>>
>>59242172
>so much wrong in this post
lel. Enjoy your fucking kernel exploits. See the recent public DCCP exploit for a sample. OpenBSD had an exploit with IPv6, and that OS actually fucking cares about security. Linux is like that highschool whore that let everyone ejaculate into her, it has more STDs than every other OS combined just waiting to be found.
>>
>>59242202
only casuals using tor for pornhub are going to be touching an exit node anyway
>>
Should I run a relay?
>>
>>59242293
If you live in germany don't run an exit node
>>
File: gaymer_slob.png (407KB, 920x900px) Image search:
[Google]
407KB, 920x900px
>>59242234
You have been vague and intentionally broad in your claim of Linux being "a fucking shitfest when it comes to security". Every piece of software has "exploits" as no software is 100% invulnerable.
>OpenBSD had an exploit with IPv6
OpenBSD is not Linux you faggot.
>Linux is like that highschool whore that let everyone ejaculate into her, it has more STDs than every other OS combined just waiting to be found
Yes, well done. You run Windows 10 and feel a need to shit over something you do not understand. Just quit it, you retard. You even make the telltale sign of a complete noob with the "omg, peeple can see deh code so it makes it moar vulnerabel". Just no, you fucking condom.
Go play some gaymes you fucking zit.
>>
http://www.computerworld.com/article/2476515/network-security/the-security-flaws-in-tails-linux-are-not-its-only-problem.html
>>
>>59242334
I don't have a well paid lawyer standing by. I'm not going to run an exit node.
From USA btw.
>>
What do you think about proxy chains?
>>
>>59242339
>OpenBSD is not Linux you faggot.
You stupid idiot. OpenBSD, which has far better security and security practices than Linux, has/had remote kernel exploits for it. Linux, which doesn't have any fucking quality control or security standards and just accepts any code that gets sent to it, will obviously have more unknown exploits. If you think Linux is secure then you're delusional.
>omg, peeple can see deh code so it makes it moar vulnerabel
Nowhere did I even imply that you fucking mong. Accepting patches from literal whos and having public source code are two different things.
>>
>>59242372
run an entry node why not
>>
>>59242349
that you would have to burn a 0day is still fairly secure
>>
>>59242390
>OpenBSD, which has far better security and security practices than Linux
Just no. Go do a simple google search on OpenBSD security being a myth. Here's one: https://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/ There are PLENTY MORE.
>has/had remote kernel exploits for it.
As I said, no software is invulnerable you fucking vagina.
>will obviously have more unknown exploits
I suppose you have proof to show me. Otherwise, shut your fucking mouth.
>If you think Linux is secure then you're delusional
Well, it's more secure than your Windows 10.
>Nowhere did I even imply that you fucking mong
Except you did, fuckface. >>59242100
>and "secure" distributions like Tails or Whonix are naturally going to be researched more than your own custom distro
So by "researched" this would naturally imply code review while looking for vulnerabilities. If anything, this makes it more sucure, you dunce.
Go back to cowadooty you fucking /v/irgin.
>>
>>59242470
>allthatiswrong.wordpress.com
At least try to pick an unbiased source, faggot.
>>Nowhere did I even imply that you fucking mong
>Except you did
Learn to read dumb fuck. Does it say anything about Shitnux being open source in that post? No. Stick a shotgun up your ass and jerk it off until it ejaculates buckshot.
>>
>>59242397
What about the UK?
>>
>>59242513
I think you only get in trouble if you run an exit node
>>
>>59242503
>At least try to pick an unbiased source
Try reading the content of the article instead of doing an CNN and trying to convince retards like yourself based on a name/headline/domain-name.
>Learn to read dumb fuck. Does it say anything about Shitnux being open source in that post? >No
Shifting the goalposts. That is not the issue you fucking abortion. You imply Linux is insecure because there will be more scrutiny on it (and therefore by extension, code). Being "open source" is immaterial to the argument.
You're a fucking Windows 10 babby that suffers from Dunning-Kruger syndrome. Look it up, princess. You're outta your league.
>>
>>59242559
Fucking retard. I said distributions like Tails and Whonix will be under more scrutiny. Learn to read. Linux is fucking garbage and Linus even said that he doesn't want to prioritize exploitable bugs over any other bugs, and it doesn't audit code that goes into it. Of course it's going to have fuckloads of exploitable bugs in it.
>Try reading the content of the article
You mean gems like
>While FreeBSD does not claim to have a focus on security, it is in fact a far more secure operating system than OpenBSD
This is fucking bullshit. FreeBSD uses outdated ports from OpenBSD, like an outdated pf, and it also lacks many of the kernel protections that OpenBSD has simply because that would mean some applications would break. Kill yourself.
>>
>>59242613
FreeBSD also has 100x more commiters and commercial partneres compared to OpenBSD who couldn't afford to pay their electric bill in 2014
>>
>>59242646
Meanwhile every Unix-like operating system is using OpenSSH. I wonder which group made that. Oh wait, they're the same developers of OpenBSD. Do you know why people use OpenSSH instead of shit like Dropbear? It's because it's built by people who actually know shit about security. Where's LinSSH? Or FreeSSH?
>>
File: incredulous.jpg (5KB, 182x180px) Image search:
[Google]
5KB, 182x180px
>>59242613
>I said distributions like Tails and Whonix will be under more scrutiny
Did I not just say that? Yes I did. Seems you fit the description of 'retard', retard.
>Linux is fucking garbage
So, obvious bias is now apparent. Thanks.
>and Linus even said that he doesn't want to prioritize exploitable bugs over any other bugs and it doesn't audit code that goes into it. Of course it's going to have fuckloads of exploitable bugs in it.
It's not his job to be sole security officer retard. If someone submits a patch to an obvious hole then it will probably get merged. It's not his job to be sole security officer just because the guy that runs the show. If there's a pressing need for critical compatibility over some minor vulnerability, guess what is getting passed? Again, for the Nth time, every piece of software has "bugs" - none is invulnerable.
OpenBSD and FreeBSD have their pros and cons, just like Linux. Linux is used a lot more where it counts. It's not "absolutely better" than the BSDs but it is better than fucking Windows.
> Kill yourself.
Ladies first.
>>
>>59242712
>durr it's not Linus' fault that Linux sucks, it's everyone else because they keep putting shitty patches in it!
ok, kid.
>>
>>59242737
Windows 10 user, everyone.
>>
>>59242768
ok, kid
>>
>>59242790
Np, sport.
>>
>>59240416
More or less, if you use it on dedicated PC or VM behind VPN connection.
>>
>>59242809
ok, kid
>>
>>59242839
Netflix and toke?
>>
File: 1dAi2af.png (111KB, 660x1010px) Image search:
[Google]
111KB, 660x1010px
>>59241462
>JS exploits shouldn't work
Think of what's going on here:
You're trying to hide your identity on a computer. The fact that you're hiding your identity implies someone is trying to determine it. The fact that you're using TOR instead of another technology that doesn't limit your bandwidth and is easier to use(proxy,vpn,public wifi, etc) means you're hiding your identity from a sophisticated and determined threat.
To maintain anonymity over you have to control at least the machine and the software that it runs. In enabling JS you're saying the computer I'm connecting to may send me an executable and I want my machine to run it. The fact that you have a sophisticated and determined threat turns this in to something very sinister:
The enemy (who wants to imprison torture and/or kill me and possibly everything I love) I'm connecting to may send me an executable, I have no idea what it may do, and I want to execute it. Yes I want to allow the enemy to execute code on the machine that I'm depending on to protect my life.
If you're just connecting to TOR to see TOR sites and get your daily dose of edgy then fine enable JS. If your threat model actually requires something like TOR for protection then for your sake and the sake of everyone you might call friend turn that shit off.
>>
>>59243025
>To maintain anonymity over you have to control at least the machine and the software that it runs. In enabling JS you're saying the computer I'm connecting to may send me an executable and I want my machine to run it. The fact that you have a sophisticated and determined threat turns this in to something very sinister:
This is only true if the OS (Linux in this case) has privilege escalation exploits (100% since Linux). If you run it on another machine and expose just the Tor socks port then all you need to worry about is an exploit in Tor instead of exploits in the browser and privilege escalation exploits.
>>
>>59243083
>This is only true if the OS (Linux in this case) has privilege escalation exploits (100% since Linux)
Please provide proof of working exploit and you shall be $100,000 richer.
>>
>>59243114
>$100,000 for Linux privilege escalation
source?
>>
>>59243161
Proof first.
>>
File: 1466353614268.png (531KB, 2992x2992px) Image search:
[Google]
531KB, 2992x2992px
>>59243083
>This is only true if the OS (Linux in this case) has privilege escalation exploits (100% since Linux). If you run it on another machine and expose just the Tor socks port then all you need to worry about is an exploit in Tor instead of exploits in the browser and privilege escalation exploits.
Sandboxing just makes the machine more complicated and possibly harder to compromise. Firewalling on a separate computer must means the machine you have to control is now two computers. These are good ideas and I'm all for them. That doesn't mean I'm going to execute the enemies code on my machine. The only reason I'd run an operating system someone else wrote in this situation is that anything I wrote myself would probably have more problems. What advantage do I hope to gain from executing the enemy's JS? Pretty formatting? You don't need JS to accomplish your goals here which is disseminating information you shouldn't be or receiving information you shouldn't be. If the service you are using to do this requires using JS, then you should find another service.
>>This is only true if the OS (Linux in this case) has privilege escalation exploits (100% since Linux).
In addition in what situation would you be sure your OS has no exploits? Remember the sophisticated and determined threat model. I don't have the money to pay hundreds of experts to dig through thousands of lines of code they do. They're the attacker. They only have to find one problem in my set up. I have to not fuck up once. Why on earth would I make their job easier? At least I'd make them find a way to execute code on my machine without my cooperation.
>>
>>59243629
>In addition in what situation would you be sure your OS has no exploits
You don't, but you change the requirement from browser+privilege escalation to browser+remote code execution/browser+Tor socks port exploit+escalation.
>>
>>59240627
IDK What country you're in but in America even if the company says they don't log they still log, if traffic hits any US servers. Federal Law. Now if you have your traffic routed no where in the US you will be fine, idk what the laws in other countries are since I am in the US.
Like for example you have traffic go to Denmark to Texas to Russia, and then back to Denmark. That traffic in the US server is logged.
Now if your whole VPN traffic is in the US, you're fucked all of that got logged.
Any VPN that says they don't log most likely doesn't, but they won't tell you that they do log if your traffic hits a US server (if they have one)
>>
File: citation needed.jpg (23KB, 349x265px) Image search:
[Google]
23KB, 349x265px
>>59243870
>even if the company says they don't log they still log, if traffic hits any US servers. Federal Law.
>>
>>59244397
I looked it up and I misread it. I was referring to Stored Communication Act.
>http://vpnpick.com/data-retention-copyright-logging-regulations-united-states/
>https://ilt.eff.org/index.php/Privacy:_Stored_Communications_Act
I was wrong though, but still good reads.
this was couple of years ago when I was thinking of getting a vpn.
>>
>>59240416
Yes, just don't be an idiot
>>
hard mode: browsing using VNC on a windows XP guest VM hosted by a linux VM hosted by another linux VM through tor through a VPN
also 9 proxies
can the government hack it or no
>>
>>59241292
>anti-US foreign government overthrow tool.
thats funded by the DoD .....
>>
>>59241292
True dis.
>>
>>59241740
Thats what I find funny, military uses it, for what? its so god damn slow, unless theyre using their own servers and encrypting with tor, then I can see it.
>>
>>59245719
A lot of military uses just need to transfer text and occasionally images, and a several-second latency is often no big deal. It's not like you're torrenting anime.
>>
>>59245757
Torrenting using Tor? People really do that??
>>
>>59246077
>People really do that??
there's a lot of idiots on the internet anon
>>
The FBI and NSA wants you to believe very much that Tor is compromised.
It has flaws, but the central technology has not been broken.
>>
>>59241280
No. Never enable Javascript.
You should always be using noscript as much as possible on just your regular browsing too, Javascript was a mistake.
>>59242045
Javascript can download someone's browsing history. The NSA is keeping a nice big stockpile of porn habits on major politicians- just in case anyone decides that they should have their budget reduced or be shut down.
Thread posts: 103
Thread images: 10
Thread images: 10