What are /r/TOR's favorite Products & Services?

From 3.5 billion Reddit comments

Lets see...

Using Tor Browser with a VPN

Tor browser is an effective tool, but it doesn’t offer the same level of security and safety that a VPN does. Luckily, you don’t have to choose between the two. You can use Tor browser and a VPN together to combine their powers and maximize your privacy.

[bla bla bla bla] One great example is NordVPN’s Onion over VPN service, which allows you to connect to Tor without Tor browser.

​

Maybe it has something to do with advertising for NordVPN?

Firstly, the tor browser is a FOSS project so if you are paying for it then you are definitely being scammed.

What app to use depends on what OS you are using.

For android you should use the offical Tor Browser from the tor project.

For iOS the only application recommended by the tor project is Onion Browser by Mike Tigas. However be aware that because of the limitations on iOS it is not as secure as versions of the tor browser on other operating systems.

>“We believe that the source of the unencrypted traffic is Tor code being installed on these mobile phones, and users are not aware of its existence,” Bhargava said. While the developers of The Tor Project offer an Android app called Orbot, researchers said the Tor functionality is being baked by third parties into the offending apps.

So malware... They tracked malware installed by someone else.

I think you're using a really out of date Tor Browser. Idk why you are. Maybe you do.

Evidence why I think that. Here's my Tor Browser on OS X El Capitan.

Yours is using . Tor Browser hasn't used them in years. Mine is using DuckDuckGo.

Your "What's Next?" and "You Can Help!" boxes look differnet.

Your font looks like Times New Roman, especially on "The Tor Project is a US 501 ..." while mine doesn't.

So what should you do? Delete this Tor Browser. To uninstall Tor Browser, open your applications folder and drag Tor Browser into the trash. You will also want to delete your ~/Library/Application Support/TorBrowser-Data folder.

Then download Tor Browser from . Mount the downloaded file. Then in the new window, drag the Tor Browser icon into the applications folder. Do not simply double click on the Tor Browser icon. After it copies into your applications folder, close the window. Tor Browser can now be ran like any other application on your computer.

There are people in jail right now because they thought HideMyAss was secure. It's not. They log everything you do, and if government asks, they will hand your information over.

There are more secure VPN providers, but ultimately, none of them has the strong anonymity properties of Tor.

Most people who have gotten caught doing bad stuff on Tor were caught because of things they did outside of Tor. I imagine if Tor was insecure we would hear about a lot more activists being imprisoned or killed for dissent.

For example, One guy used IRC with Tor. The one time he logged into IRC with the same username from his home network, it allowed his identity to be compromised.

Tor Project has a pretty good list to help: https://www.torproject.org/download/download.html.en#Warning

It's all about snooping, or rather protecting yourself from other people snooping on you. The Electronic Frontier Foundation put together an interactive diagram that shows you who can see what with and without HTTPS and Tor. You can find it here.

This can be a very important tool if you need to keep people from snooping, even if you're not a criminal. A few examples of this are law enforcement officers, journalists, government workers, whistleblowers and etc that want to protect their informants, sources and sensitive data from falling into the wrong hands. A more detailed article on who uses Tor and why can be found here.

Yes. This is possible. You can run a Whonix Gateway to server as router behind which you connect all clients. (https://www.whonix.org/wiki/VirtualBox )

Depending on your needs and level of access control you can put an additional firewall like PFSense/OPNSense between the gateway and your clients.

Also: TPM has nothing to do with your ability to generate certificates, this can be easily done using OpenSSL

When I tell you that figuring out what you actually need to secure is more important and difficult than actually securing it, don't just believe me, ask ANYONE that has any idea what they are doing and they'd probably agree. I'm plugging my guide, but there's a lot of really good information on privacy and privacy tools out there to read. If you've already read it all, read it again. I'll give you a quick answer, but I promise it won't solve your problem because the mindset and understanding of your specific privacy needs to be stablished before you find yourself deadbolting doors and setting up flamethrower turrets in your house to protect nana's cookie recipe. Tails, Whonix or Qubes for serious anonimity/pseudonimity as O.S. and Tor, VPNs and Virtual Boxes for everyday bullshit.

NordVPN claims to keep zero logs and I've never seen anything to suggest otherwise. To the best of my knowledge, it's never been tested in court, though.

They are also on the cutting edge on the security side. I can't find the link I read about them, but it was really impressive.

I personally use NordVPN and have had great luck with their tech support as well. Also, their support staff isn't some generic follow the corporate procedure group. The staff actually have personality and are clearly tech geeks.

This article lists IVPN as the best, but I don't like the fact that no one knows who the owner is. They list NordVPN as an excellent one, but not the top due to its slower speeds.

/r/VPN is a really good source of info on VPNs, including an excellent spreadsheet breaking down the pro's and cons of a ton of VPNs. They refuse to make recommendations though, so you'll need to do some actual research there. What you need will largely depend on exactly what you are using it for. NordVPN works well for me, since I primarily use it for security on open wifi.

If you want all the bells and whistles Snowden recommends then the best thing to do would probably be to remove the hard drive.

After that you will need to disable secure boot in the BIOS and follow the guides for installing Tails to a USB drive. The new install process baby steps your through it automatically.

https://tails.boum.org/install/index.en.html

FYI, It is spelled Tor.

NordVPN is one of the better VPNs out here. I personally have used Nord for close to a year now and it works great with clearnet browsers like Firefox. But the few times I've tried with Tor it's kind of slow. If it works well use it. I'm switching to ExpressVPN in a couple months when my subscription expires. Express and Perfect Privacy are the only two VPNs I know of that's had their logging policies put to the test. Express had a server seized by Turkish government over some stuff, tried to obtained logs but couldn't. Similar event with Perfect Privacy, except I think it was the Swedish police. Can't honestly remember been awhile since I read the story. AirVPN has some legitimacy behind their service as well. They had to shut down a few French servers due to DMACA complaints. If they were logging they could've easily suspended the accounts of the people that were using those servers to torrent. NordVPN is still considered at the top with many of these VPNs, but as far as I know their policies have never been put to the test. You could in theory use any VPN with Tor because no matter if the VPN is logging they can't see what you do over Tor.

Not just the hashes, check the digital signature.

https://www.torproject.org/docs/verifying-signatures.html.en

Edit: I downloaded the fake .exe which claims to be 3.6.6. The real tor site doesn't even have that one available to download anymore. Also all links on the fake site go to the real site. And the fake site's download option doesn't give you options like osx/linux/source

'strings -a' on it

Obfuscated with Dotfuscator Professional Evaluation. Illegal to use on software for general release.

While convenient it's closed-source and thus cannot be 100% trusted. The FBI case was, while positive to the privacy conversation, mostly for PR IMO.

Macs are also quite expensive, OP check out one of these alternatives. These laptops will be supported for many years software-wise which is something you can't claim for Apple computers.

Set yourself up with one of the Ubuntu flavors and ask any questions you may have in /r/linuxquestions.

And here I thought from the title that the TAILS project was being discontinued or something...

You may want to post a bug report to the TAILS tracker OP, seems like a low level bug.

> The Tor network seems to be under attack by the very same government that funded and created it.

Funds and created it. Different parts of the government have different goals. What the DOJ and State Department want are sometimes at odds with what the NSA (Tor's primary federal nemesis) wants. And all of that is effectively divorced from what state, county, and local governments want or what judges understand.

Education is our best weapon in this battle:

1. Legislators need to be told (and told again) in very basic, "cap'n dummy talk" terms how Tor works, so that a) they don't pass laws holding the wrong people accountable for Tor content, and b) police can be held accountable to good laws for wrongful enforcement actions.

2. Legislators, the public, news outlets, and judges also need to understand the benefits of protected networks---that they are essential tools in the preservation of freedom, commerce, political and scientific research, child privacy, and a free and empowered citizenry.^1

3. People---our friends and neighbors---need to hear more about how Tor is used by typical Joes to do legal things and protect themselves from harmful marketing, spying, and manipulation by companies and governments.

4. Tor volunteers need solid, findable, and easy-to-digest information about how to proactively protect themselves from predatory legal and police actions, how and where to positively impact the media, and how to get legal help if they need it.

Anyone can fight the battle, at any level of difficulty, from writing lawmakers to commenting on Facebook. The thing to remember is that it's not fighting against the law or authority, but rather fighting for our right to privacy...and also for the hearts and souls of volunteers to build Tor and keep the signal alive.

*edit: spelling

You could just install tails on the laptop and go with the persistent volume which would hold anything you want to save in an encrypted volume.

If you are worried of being targeted just because you use Tor it is recommended to use Bridges:

Alternatively, you can also use a trustworthy VPN (unless that also gets you in trouble with the government).

For VPS, I recomment ProtonVPN, Mullvad or IVPN.

This gives you a good overview of what happens when using Tor https://www.eff.org/pages/tor-and-https

Any other questions you have should be answered here https://www.torproject.org/docs/faq.html.en

You get to look at that info because you created the circuit. The individual nodes that make up the circuit don't get to see that info.

Here's a more detailed explanation of how Tor circuits are created: https://www.torproject.org/about/overview.html.en#thesolution

I've read that you shouldn't use the same Tor session to use two identities at the same time. So using my real Facebook account in the same session as any anonymous account, could potentially link my Facebook account with the anon account. Unless I had an anon Facebook account, but why the fuck would anyone want that?

Edit: Here's where I read it. Granted it's TAILS and not Tor, but I'm sure the same logic applies.

I am confused by your question.

A VPN and TOR are two different things.

"Is NordVPN worth the extra cash?" That all depends on what your are trying to accomplish. I had Nord for a while and I was satisfied with it. I don't really need a VPN at the moment so I did not renew.

As it has been stated, Tor is not a VPN. Second, torrents leak your IP, so people will see it regardless. You should have looked up that section on the tor website, plus it puts a lot of strain on the network. Just don't do it. Get NordVPN or CyberGhost VPN and you will be fine.

You shouldn't tell your torrent client to use Tor as a proxy.

> Torrent file-sharing applications have been observed to ignore proxy settings and make direct connections even when they are told to use Tor. Even if your torrent application connects only through Tor, you will often send out your real IP address in the tracker GET request, because that's how torrents work. Not only do you deanonymize your torrent traffic and your other simultaneous Tor web traffic this way, you also slow down the entire Tor network for everyone else. (Source)

>Should it not be changing?

No it shouldn't be changing. Mathematically it has been determined that if you are constantly switching guard nodes, then you have a greater chance of getting a bad circuit:

https://www.torproject.org/docs/faq.html.en#EntryGuards

That's what it originally stood for yes, but it's no longer an abbreviation. Please see how it is capitalized on the website, on Wikipedia, and on their IRC channel on OFTC.

There's an FAQ entry on this: https://www.torproject.org/docs/faq.html.en#WhyCalledTor

You should read up on the Tor FAQ. I think it will answer a lot of your questions.

What makes me think you haven't read it yet? Well...

Im actually working on one right now. Not for only over tor but normal usage aswell, with proper encryption. Im planning on using matrix.org, which afaik is probably the most secure. The app itself is written in flutter. I will be open sourcing it once i get the first build working.

Update reads:

>Unman has generously agreed to bring the Qubes Tor onion services back and maintain them. He has considerable experience in hosting and infrastructure management, including running onion services. He is working on it now. We’ll have another update for you soon. Thank you, unman!

TorBrowser has a lot of tools that inhibit the functionality of online trackers, including those that use javascript. I would just recommend never using the same browser for your anonymous browsing as you do for your non-anonymous browsing, as you'll undoubtably end up caught in an edgecase somewhere that ends up linking the two.

The biggest danger with javascript is that the javascript interpreters provide an attack surface against which to run exploits that expose your real IP.

While cumbersome, a good solution I've found is running Qubes for my OS. It provides isolated bubbles for my applications so even if the javascript stack is exploited in one of my VMs, the whole VM is routed through Tor and they'll find nothing. Also, if they hack into an anonymous VM, they won't be able to access anything in my non-anonymous VMs. It provides wonderful isolation, but the tradeoffs of running it as your desktop can be significant. It eats up RAM fast and you won't be doing any gaming with it.

It doesn't really matter what language you use to build onion sites. Just use what ever you are comfortable with. Just make sure that your server is hardened, that you aren't leaking identifying information through your server configuration, phpinfo() or error logs. You can run the entire server inside of a Whonix Virtual Machine for extra protection against identity leaks..

Riseup has a guide about best practices for hosting an onion site.

I use Windscribe, I've used ProtonVPN in the past.

I'm very interested in hiding data from my ISP. Using a VPN to do this is a good idea:

• Your VPN knows much less about you, so maybe can't sell your info, or sell as effectively. Your ISP knows your address, name, phone number, maybe bank acct or credit card, maybe sees your phone traffic and your TV traffic. You can manage it so your VPN doesn't know any of those things.

• Your ISP is in same legal jurisdiction as you are. Someone who wants to track you down, get a warrant on the ISP, and then sue you has to deal with only one country. If you use a VPN, where you are in country A, VPN company is in country B, and VPN server is in country C, they have to deal with 3 countries.

• If you get banned by your VPN or lose trust in them or their service gets bad, you can change to another VPN very easily. If the same happens with your ISP, often you're stuck, they may have a monopoly or semi-monopoly in your physical area.

1) Change your wifi password as others have suggested.

2) Download a password manager and create one master password. Keepass is really good and easy to use and it stores the database file locally so an attacker would need physical access to your computer. Lastpass is also really good but its cloud based and you trust them.

3) use your password manager to generate random new passwords for all your accounts.

4) download a quality are simple and easy to use and a must have. I use Perfect Privacy because they don't keep logs and I can pay anonymously. Not to expensive either.

5) remove chrome from your computer and use firefox and make sure to check your privacy and security settings.

6) download Tor and use it for any internet activity you really want to keep anonymous.

7) always use HTTPS

8) learn to encrypt your data. PGP is simple to use and plenty of communication services employ encryption. Protonmail is a free email service that encrypts everything even your contacts.

9) use common sense. We exist in a digital age and there is no excuse to be laxidasy about privacy and seciruty. If some punk kid can gain access to all your internet activity then you're not taking this shit seriously. Imagine if he gains access to your online bank account, or your Amazon account or any of your social media could that screw your life up?

Tails is designed to make it difficult to discriminate from other Tor users. It might be possible to identify it in some circumstances, but I don't think it's a likely explanation.

https://tails.boum.org/doc/about/fingerprint/index.en.html

If you downloaded the default Tor Browser, you have only connected to the tor network not contributed to it.

You have to change your torrc settings to allow relay and exit traffic to flow through your tor process.

Here is a write-up on what needs to be done to setup a relay

Setting up an proper exit relay is even more work. There is a write-up somewhere but I can assure you that you did not accidentally run a exit relay.

AVG has a history of false positives with Tor/Tor Browser. It's probably nothing to worry about but you should follow the instructions here to validate your install.

If the install validated with GPG you can be confident AVG is in the wrong.

You shouldn't be running exit nodes at your house in the first place. You should use a VPS that is friendly to tor.
You'll want to look at the FAQ and this blog post

Okay, I'm getting really sick of these no-context questions. OP, what do you mean by "safely" and what part of your setup are you unsure of: using Tor over a VPN? using Tor on a Mac? Using your VPN on a Mac?

Have you even read the documentation?

Not exactly Tor implementation, but you might be interested in Canvas Blocker's implementation of the screen resolution, which I personally prefer. It may make some photos not work though.

Nope! That's the beauty of Tor's design. These nodes will be used by people from all over the world, regardless of their actual location, and will not have any practical way to learn the location of the end-users.

Your reply is the exact opposite to Tor's own recommendation. Copy/pasted from Tor's manual:

>enabling hibernation is preferable to setting a low bandwidth, since it provides users with a collection of fast servers that are up some of the time, which is more useful than a set of slow servers that are always "available".

"Slow servers" is ambiguous, sure. But a limit of 33mbps restricts circuit throughput to 16.5mbps, which sounds like under utilization of a 1gbps link to me.

One possible solution would be to simply block all Tor exit nodes. It's not a very subtle approach, and suggesting it tends to make people here angry, but hey, it's your forum, you can do what you want with it.

Blocking Tor might help reduce automated attacks, but if someone's prepared to make a real effort to get around your blocks they'll probably get through. There are so many public proxies and VPNs that it would be impossible to block them all.

Depending on how popular your forum is, would it be feasible to change the account creation process to require an "OK" from an administrator? Prevent the malicious account being created in the first place?

The fact that you use Tor is generally not a secret, neither from your ISP or your government. It's what you do using Tor that is secret.

If you're under an oppressive government, there are a few things you can do: you can get the Tor Browser without being detected by following advice here (for instance, you can download it over email). Secondly you can use it without your regime detecing it by using pluggable transports. One of these transports is able to disguise Tor traffic as regular cloud storage traffic, so it looks like you're just uploading and downloading from Google Drive. It's pretty neat.

But unless you need to hide the fact that you use Tor, it's more efficient to just use Tor directly.

I think https://www.torproject.org/about/overview is pretty layman-friendly. I would recommend reading that and asking specific questions about things you don't understand.

Also, if you are going to write about Tor, please be careful to type it correctly; it's Tor, not TOR :-) Good luck with your fiction project.

Can't people search for themselves these days? Here it is in plain English. https://www.torproject.org/getinvolved/tshirt.html

> Operate a fast Tor relay that's been running for the past two months: you are eligible if you allow exits to port 80 and you average 250 KBytes/s traffic, or if you're not an exit but you average 500 KBytes/s traffic.

It depends on your threat model, and what you'll be researching. Intend to check out some jihadist forums? You should probably be using Tails and nothing else - and it is imperative to put the Tor Browser security slider at "High" and keep it there. Just want to check out some [darknet markets](/r/darknetmarkets) but not buy anything? You're probably alright just running the Tor Browser Bundle. Want to actually buy something? Back to Tails, only.

If you need high security, use Tails. Do not use Windows, do not use OSX, do not use an Android or iOS (iPhone/iPad) device. No matter what you're doing, if you want anything more than fairly low security, you'll need to bring Tor Browser's security slider up to "High." Anything less allows JavaScript in the browser, which is essential to use or even view many websites (like reddit!), but it is an enormous security liability and is the only confirmed mechanism that has been used by governments to de-anonymize Tor users.

These are approximate examples but I hope they illustrate how to go about this. Tails is relatively easy to use and quite foolproof, in addition to being extremely secure (assuming, again, that you bring that Security Slider up to "High"). There is lots of great documentation on how to use it on its website if you get stuck. You're also welcome reply to this comment with any questions you might have.

1. Do not host an Exit at home
2. If you want to run a relay, get yourself a cheap VPS. They start as low as 2 Euros a month https://www.scaleway.com and have much more upload bw (100 mbit in the case of the 2 Euro VPS) as a normal home user.
3. You are already under attack. If you install a firewall you will notice that botnets will constantly probe your IP. Tor will not change this to the better or worse.

niftybunny

For those looking to get a server with more bandwidth for relatively cheap, OVH sells a VPS slice for $2.99/mo with effectively unlimited bandwidth (100Mbps up to 10TB of bandwidth, then 1Mbps). Granted, that's $30/year not $10.

https://www.ovh.com/us/vps/vps-classic.xml

Edit: As /u/FlashingBulbs pointed out, it's important to have diversity in the Tor network. So on that note, OVH is not the only place that sells VPS slices for cheap. Green Value Host is another one, at $4/mo for 5TB: http://www.greenvaluehost.com/unmanagedvps.html

Define "danger."

What's your threat model? Who is dangerous to you, and why?

What kind of content were you browsing?

Simply using privacy tools isn't enough to put you in any real danger in 99% of cases, even if it might raise eyebrows sometimes.

First off, if you aren't doing anything illegal, you have nothing to worry about in the first place (unless you live in a jurisdiction that is actively hostile toward users of privacy tools, or unless you're a person of significant interest to an adversary with unusual amounts of resources at their disposal).

Simply having JS enabled is not enough to break your anonymity on its own. You can use a tool like https://coveryourtracks.eff.org to see what data you're leaking through JS. Tor Browser ships with JS enabled by default. You can also set it up to only allow JS over HTTPS by increasing the security slider in the settings.

Your ISP can see that you're using Tor but they can't see what you're doing with it. Exit nodes can see what you're doing if you're not using an E2E encrypted protocol over Tor (HTTPS), but they can't tell who you are (unless you tell them, perhaps by signing into a personal account on an unencrypted website).

If you accessed some egregiously illegal content (by mistake, of course), you're most likely still fine unless you fall into that 1% category I mentioned earlier (if you did I doubt you'd be asking questions on this subreddit), or unless you did other things to de-anonymize yourself.

Anytime! If you are interested in being more anonymous than what onion browser has to offer, might I suggest you try out TAILS for your computer. It loads it's own secure, Linux based OS off of a disc, and everything that you do while you use it goes through TOR, no matter what program you use. I highly recommend it!

https://tails.boum.org

>Is it safe to download tor?

It depends on your definition of safe.

If you live in the US or most other western countries, it is not illegal to use Tor.

I would say that it is safe to download.

If you are trying to access hidden onion sites securely, then you must use Tor.

If you are just trying to hide your IP or internet activity from casual threats (your ISP, businesses, websites you access), then perhaps a VPN would be enough:

https://www.privacytools.io/

Can you capture traffic with Wireshark as well when you access the hidden service with Windows 10? You don't have to share the complete dump. I'm sure someone could help you with a filter, default ones are pretty easy, e.g., "http", shows HTTP requests. They are basically as easy, or even easier to read than Apache server logs. You probably don't need complex filters if it takes under 17 hours, and you don't use the laptop for anything else except opening your hidden service in Tor once. Although if an app updates in the background that's going to cause multiple log entries.

Example screenshot from a Wireguard dump: https://www.wireshark.org/docs/wsug_html/wsug_graphics/ws-main.png

The top part (here in green) should be readable without too much background knowledge. Source & destination ip, protocol, etc. already give you a lot of information.

• Exits could try to give you HTTP when you asked for HTTPS. The HTTPS Everywhere extension that comes with Tor Browser prevents this from happening on <u>tons</u> of websites. So you don't need to worry about this.

• Exits could create their own certificate for a website and give it to you. But if your browser doesn't trust it (for example: it isn't signed by a certificate authority) there will be a huge scary warning that you can't miss. So you don't need to worry about this.

• Exits could work with certificate authorities to create certificates that your browser will accept. These CAs would be misbehaving and risking having all of the certificates they have ever issued being distrusted by browsers if they were caught. It is also possible the person running the exits has compromised a CA and thus the CA doesn't even know it is issuing malicious certs. This doesn't happen very often. It is a very big deal when it does happen. It affects more than just the perceived security of using Tor. You shouldn't worry about this.

Also, the Tor Project regularly scans for misbehaving relays and removes them from the network. This type of stuff is some of what they are looking for.

Interestingly: while there is little bit of reason to worry about this on regular websites, there is basically zero worry of this type of stuff happening when you visit onion services. Encourage your favorite websites to operate onion services! :)

I used free on ProtonVPN, now paid on Windscribe. If I moved to another, maybe I'd lose $40 or something of prepaid months on Windscribe ? Not a big deal.

> isps can be very malicious with ur data and with their customer service if u get what i mean

I don't know exactly what you mean, but that's an argument in favor of using a VPN, right ?

I know of VPN providers that claim not to give any data away: ProtonVPN, IVPN, NordVPN, etc. You'll have to decide if you trusr them or not when they say they don't keep logs. I'm inclined to believe them, but I won't do it blindly. I pay close attention to any scandal involving them

If you're worried about anonymity when using bit torrent try a VPN service. I'm using BTGuard, it costs a few $$ per month but is a good value imho.

Torrent Freak -- VPN Services That Take Your Anonymity Seriously, 2013 Edition

Check out TAILS for extra assurance that your security is protected. It's an OS that you boot off a USB drive, and it disables all internet except for the stuff that's passing over Tor.

Tor on Android

>Orbot is an application that allows mobile phone users to access the web, instant messaging and email without being monitored or blocked by their mobile internet service provider. Orbot brings the features and functionality of Tor to the Android mobile operating system.

>That is why they must get on TOR and borrow a foreign IP; a new one cycled every 15 minutes...

How often does tor changes its paths?:
Tor will reuse the same circuit for new TCP streams for 10 minutes, as long as the circuit is working fine. If the circuit fails, Tor will switch to a new circuit immediately. But, note that a single TCP stream, e.g. a long IRC connection, will stay on the same circuit forever. Tor does not rotate individual streams from one circuit to the next. Otherwise an adversary with a partial view of the network would be given many chances over time to link you to your destination, rather than just one chance.

You probably don't want an old version of the browser since it'll have publicly known vulnerabilities in it.

I would try to install Tor via the command line and proxy your updated browser through it - https://www.torproject.org/docs/tor-doc-osx.html.en

Alternatively, if you can spare some extra space, you can run Tor in a VM (Virtual Machine), something like Whonix with the help of Virtualbox. This comes with the advantage of being even safer than the Tor Browser Bundle, as an exploit in Tor or Mozilla Firefox, which the TBB is based on, will infect the VM and not your primary operating system.

Let me know if you need help exploring any of these options.

The tor project has a pretty good explanation of why they don't make everyone a node.

>Many tor users cannot be good relays — for example, some tor clients operate from behind restrictive firewalls, connect via modem, or otherwise aren't in a position where they can relay traffic. 

To be honest, I'm not a 100% sure. But I don't think Tor Browser can be used as a relay, you need a proper installation. Also, your Firewall (probably the one in your router) will block incoming connections when trying to use your PC at home as a relay.

Edit: Step Two, Point 3 explains the issues with Firewalls. https://www.torproject.org/docs/tor-relay-debian.html.en

From reading your comment, it sounds like you need to start with the basics: https://www.torproject.org/docs/faq.html.en#WhatProtectionsDoesTorProvide

Tor obfuscates what you are doing on the internet, not that you are using Tor.

>then using a VPN won't help much because it just means that where ever your hosting your VPN, they'll be able to see you TOR out of that computer.

Again, The VPN provider will see that you are using Tor not what you are using Tor for. Tor was not designed to hide the fact that people are using the Tor network.

Tor uses 2 letter ISO3166 country codes, so the correct one would be GB not UK. Also see the Tor FAQ.

Your best bet is Tails. You don't have to install it to any computer, it runs directly off the USB. The entire time it's running it will be as if you didn't even have Windows 10. Then, once you're done with Tails, you can just restart your computer without the USB and continue normal computer use like you never booted Tails.

On a side note, this is partially opinion and partially advice, you might want to downgrade away from Windows 10 to like Windows 7, or do what lots of people are doing and permanently upgrade to the Linux Master Race.

If you're the type that frequents Tor, it's just something to consider. I wouldn't trust Windows 10 as far as I could fling the disk.

I don't understand people's incessant need to over complicate using Tor. Just. Read. The. Information. On. The. Site.

Don't torrent, it's a dick move.

https://www.torproject.org/download/download

> It shows [...] as being my guard relay.

You should probably delete that information.

Entry guards rotate every 12 weeks. An explanation is available in Tor's FAQ.

You can use email. From https://www.torproject.org/projects/gettor.html:

>Users can communicate with GetTor robot by sending messages via email. Currently, the best known email address >to do this is . This should be the most current and stable GetTor robot as it is operated by >Tor Project itself.

>To ask for Tor Browser, a user should send an email to GetTor robot with one of the following options in the body of >the message:

>* windows: If the user needs Tor Browser for Windows. >* linux: If the user needs Tor Browser for Linux. >* osx: If the user needs Tor Browser for Mac OS X.

>Options are case insensitive. If a user selects two or more options, only the first one will be considered. After the >user sends a valid option, GetTor robot will reply with links to download Tor Browser from popular cloud services. For >now, the only cloud service supported is Dropbox.

1. You shouldn't add plugins to TBB. That makes you stand out. (Ad blockers are easy to detect with JavaScript.)

2. AdBlock does NOT stop all ads. It only stops the ads that haven't donated (paid) to be whitelisted or complied with they layout requirements. https://adblockplus.org/acceptable-ads

3. Disconnect only blocks ads from sites that it knows. (It knows a large list, but that list is far from complete.)

4. None of those ad blockers stop 1st-party ads (not loaded from a third party). Some sites detect Tor or ad blockers and switch from 3rd-party to 1st-party ads.

5. The purpose of Tor is to anonymize your network connection. The purpose of ad blockers is to stop displaying ads AND to stop ads from tracking you (more anonymity). However, did you know that many ad blockers (AdBlock, NoScript, etc.) will regularly download updates? Those regular downloads make you very distinct -- to the point of being unique.

I'm curious, where are you hearing Tails in a VM is better?

A compromised host OS/Hypervisor which Tails OS is running within could compromise the booted ISO image. It could be leaving traces on the host of your activities, i.e. saving the VM's state in VirtualBox. Furthermore you're also increasing the overall attack surface as now you're also trusting the entire code base of your host OS to not be vulnerable to attacks.

You'd be running a Amnesic OS within a Persistent OS, which doesn't make Tails 100% amnesic.

If you're looking to running Tails in a VM, I'd recommend looking at Whonix. It's actually designed to run with persistence inside of a VM. If you're interested in running Whonix Workstation but wanting to keep some of the Amnesic properties of Tails, then I recommend looking a Qubes OS's Disposable Whonix WS VMs.

Using Tor on any system that knows your real name is dangerous. Because leaks. It's also dangerous to use Tor on any system that can reach the Internet directly, bypassing Tor. Because leaks.

If what you have is a Mac, install https://www.virtualbox.org/wiki/Downloads and use the Whonix VMs https://www.whonix.org/ :) You can use a VPN client in the host machine, and so hit Tor through the VPN.

I seriously doubt that. If the DoD were smart enough to develop malware, then they'd be smart enough to use a non-attributable network for managing it. You would not see connections coming from DoD.

(Remember: foreign nations operate Tor nodes. So they are certain to never trust Tor nodes with direct connections from the DoD.)

To find out who's actually doing it, use WHOIS to look up the addresses. Ignore names like "Ft. Huachuca" -- those manage the overall subnets, but not the individual subnets. Instead, look at the "NetName" in the WHOIS reply to identify the actual organization.

A lot of "DoD" subnets are actually associated with non-DoD services. For example, AS257 is part of the DoD (Navy Network Information Center), but the subnets are from a bunch of schools. They include the Naval Postgraduate School and California State University. (https://ipinfo.io/AS257) So if someone is attending CSU and using Tor, then it might look like a DoD subnet if you don't look deep enough.

>Is it as simple as loading it into a USB or SD card and booting it up?

Unfortunately, no. The Raspberry Pi is an ARM based system and Tails is only released for X86 compatible processors.

https://tails.boum.org/doc/about/requirements/index.en.html

Tails is designed to be bootable only from a USB flash drive, an SD card or a DVD (basically, only removable media).

Tails is safer because nothing is written to your internal hard drive. When you reboot, everything disappears and Tails goes back to its initial state. (Unless you set up a Tails persistent partition to save certain data - PGP keys, passwords, bookmarks, etc.) If a 0-day bug is able to break out of the Tor proxy for Firefox, it would still be blocked from accessing the internet and de-anonymizing you by the Tails firewall.

The Tor Browser Bundle is easier to setup and use.

Try both.

https://torproject.org/

https://tails.boum.org/

Yep, that's right. Although, gmail likely requires javascript, which could be used to fingerprint your browser. Plus, Google is probably reading whatever you send and receive. There's plenty of privacy-conscious email providers out there.

Sure!

1. Ensure that your chromebook is in developer mode as you won't be able to do jack shit with it not in dev mode.

2. Go download the Tor Browser Bundle i686 for Linux from the Tor Porject.

3. Press ctrl-alt-T to open a terminal. If you're not familiar with the the bash shell (or just using it on Chrome OS), you should note that:

• On Chrome OS you can't copy or paste into or out of the terminal. You'll have to type all of these commands by hand

• You can complete commands and file paths by using the tab key. For example, when you have type start-tor-browser, simply typing st then tab will complete the command because that's the only thing that starts with st.

1. Type shell to get to a useful shell (bash)

2. Type cd Downloads

3. Type tar -xvzf tor-browser-gnu-linux-i686-2.2.35-4-dev-en-US.tar.gz (I recommend tab completing that one)

4. mv tor-browser_en-US ../

5. cd ../tor-browser_en-US

6. Finally, ./start-tor-browser & to run the thing. Note the & at the end which allows you to close the terminal without closing vidalia or firefox.

Next time you want to run it:

• ctrl-alt-t

• shell

• cd tor-browser_en-US

• ./start-tor-browser &

Lemme know if you have any further questions.

EDIT: Did this work for you? Please, let me know how it goes

yes your site, ssl is not just about privacy, it can also prevent adversaries from injecting malware into the connection into the visitor's browser, among many other things: https://www.eff.org/https-everywhere/deploying-https

From tor website

Use Tor Browser

Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor.

In addition, brave is a company rather than an organisation with links to Amazon which is suspicious in terms of privacy.

Increasing latency defeats the central goal of Tor to be a low latency anonymity network.

If you want more anonymity, and are willing to deal with significantly increased latency, check out Freenet and Mixmaster.

I think the main problems with running Tails in a virtual machine are:

1. If your host is infected with malware, your VM might be compromised as well. Simple example: A key logger running on your Windows machine will capture the keystrokes you make in the Tails VM as well.

2. If your VM is swapped out of RAM and onto disk, data that should just disappear when you shut Tails down, may end up being saved to your hard drive.

Running Tails in a VM is still better than nothing and can be very convenient.

Problem 1 is not so much of a problem on a Linux machine or a Mac, since most malware is written to exploit Windows, the most popular desktop OS. Careful Windows users that run a good antivirus program can also be very successful at keeping malware off of their system.

Problem 2 can be worked around by either encrypting your entire hard drive or by disabling the OS from paging memory out to disk.

Windows users using a Tails USB with persistence can run this program to make a backup of their entire USB including the persistence partition:

http://www.alexpage.de/usb-image-tool/download/

If the Tails USB fails or is lost, the image can be written back out to a USB flash drive of the same size or larger and be ready to boot.

Done... but folks... do try to practice a bit of safe computing here.

1. Never use google search to find SW
2. Expect Tor to have millions of installs, not thousands
3. Expect Tor to have thousands of reviews, not dozens
4. Expect Tor to have reviews going back years, not weeks
5. Expect Tor to be signed by a "Tor Project" cert, not a "Fiverr" cert

BTW... the takedown form is at:

Takedown URL:

https://support.google.com/googleplay/android-developer/contact/takedown

Package Name

com.kaptaigroup.Browser_Mini

Link to App:

https://play.google.com/store/apps/details?id=com.kaptaigroup.Browser_Mini

Orfox is no longer recommended for Android. Use the new official Tor Browser for Android

That said, surfing on Tor is going to be slower...doing so on mobile is bound to be slower than on a desktop

If you want to be real safe, like Edward Snowden safe,

It's a linux version that you boot from an usb and use it on a newly bought laptop when you log out, it formats the whole pc, like it was never used, and always uses tor connection and everything is encrypted. And I recommand NordVPN installed on a travel router cheap opensource router, if you don't want to invest.

> So I've recently picked up a NordVPN subscription.

VPNs are unnecessary for the vast majority of adversary models. They even hurt in a few. ,

> Tor browser for android

Is still alpha. You should use Orfox for a little while longer until it is no longer alpha.

Sure thing - honestly most companies make it just as easy as TOR browser to use. I would suggest paying a little for a VPN instead of using a free one though. Like I said, I like Private Internet Access but you’ll find recommendations for others as well.

If you have more questions feel free to DM me and I’ll do what I can to help.

Tor, Psiphon, Hotspot Shield and Freegate don't work since yesterday. They were blocked once before following a chain of protests.

I wonder how it was made possible. They really upped their blocking game.

What's the purpose behind using another VPN at your exit node? VPN>Tor is pretty benign, it dosen't really harm your anonymity and it prevents ISP from knowing what you're doing. Also since you're using Tor, the VPN firm can't see what you're doing either. However the other VPN at the end can be dangerous, fixed exit nodes make you more trackable. There's a lot of factors that need to be considered before using a VPN. Thoroughly read their privacy policy and terms of service. Make sure it's a VPN outside of US/EU/Canadian jurisdictions. Pay with bitcoin and if at all possible download and install the VPN app off their onion link. Not all or even most VPNs have onion links though. If you pay with bitcoin and download off a Tor onion link they will never know anything about you, and this is the only way to truly stay 100% anonymous with a VPN. Of course it needs to always be used with Tor in this instance. By the way all VPNs log minimal amount of data, like bandwidth used and connection to server. Read about that cyberstalker that got busted using PureVPN. They handed over bandwidth and connection logs to the police. Of course to tell the full story what really got him busted was just stupidity. He was logging onto personal Gmail accounts with his VPN, lol.

PSA from the developer mailing list:

>The beta will expire on 21 October. When it expires, your contacts and messages will be lost. The expiry period is designed to limit the impact of any security issues and allow us to make incompatible changes before the 1.0 release.

So be ready to start your social graph from scratch after the beta ends.

...any reason you're still using Savant?

EDIT: Did you read this article? It's dated. Just use Apache or nginx and learn how to secure it accordingly.

Incremental checklist:

Use Tor Browser.
Security slider to "high."
Follow these instructions.
Encrypt everything.
Do not upload anything ever.
Do not log in to accounts ever accessed without Tor.
Use Tails.
Disable microphone/camera in BIOS settings.
Use hardware with no association to you.
Connect from a location with no association to your identity.
As above, but make sure there's no CCTV.
Leave all electronic devices at home.
Put tape across the webcam.
Do not use device or location for more than one session.
Take two devices, and swap mid-session.
Destroy all devices after use.
Disgyze yur writen stayle.
Connect the Tails USB to your arm via fishing wire in case you are ambushed.
Speak with a Russian accent.
Wear protective body armor.
Use excluseively Thinkpad X60's.
Insist those around you put their electronic devices in a fridge.
Provide the fridge if necessary. No compromise.
Introduce yourself as Chelsea.
Conduct operation under the cover of a blanket.
Actually learn Russian.
Avoid Ecuadorian embassies in the UK.

>there is no anonymity for the client

When a client connect to a hidden service, the client establishes a rendezvous point with the hidden service and the client and hidden service exchange their data at that point, both having a full Tor circuit between them and the rendezvous point. The client picks their own circuit, and so does the hidden service. (Well, Tor picks them automatically by default, but you get my point.) So unless the hidden service owner has a client who happens to pick a circuit of nodes that they control, the client is still anonymous.

See this page for further details, as I feel I'm not doing a great job explaining this process and doing so is outside of the scope of this post/thread anyway.

The "Lawyer, SysAdmin, and Police" only have your data at the end site. Everything is encrypted along the way and they won't be able to discover your location. You should not use the same user accounts on TOR that you use when not using TOR. If you use the same account while using Chrome and TOR then you are correct that it defeats the purpose.

The TOR overview might be helpful.

There's already a lot out of into there but freedom ain't free and neither is anonymity. You gotta work for it. Just like how having a shelf full of books doesn't mean you magically have the knowledge within them.

The Tor FAQ is a good place to start.

As I understand it, Tor hidden services publish something called a hidden service descriptor, which identifies them by key and details how clients can connect to them by their introduction points.

This descriptor gets shared around by other servers, which are consulted by clients wanting to connect to the hidden service. IIRC this uses a distributed hash table.

Two servers publishing new descriptors (same key, different introduction points) would each get some traffic, because different clients might receive one or the other descriptor from their lookup. If one publishes a descriptor after the other it would then take the traffic.

Either way, one would win out after a short time.

https://www.torproject.org/docs/hidden-services.html.en

> could this be a method of load balancing?

Possibly, if there was one hidden service descriptor which had introduction points leading to different servers with the same key. Don't think it was intended for this, I don't think it would be good load balancing, and is likely to have unintended consequences.

1. Download an image of Tails https://tails.boum.org/download/index.en.html#index2h1

2. Right click file and click burn image to disk

3. Choose the DVD and burn

4. Let the image burn to disc

5. Restart the computer

6. On boot find the boot menu (you can google this or try keys like delete, F8, F12 etc)

7. Select disc

8. Boom you have loaded up tails

For USB you have to have tails on a disc (There is no other way and I know that it is a ball ache!)

1. Load up tails from a USB

2. Go to the tails installer https://www.deepdotweb.com/tmpguide/opentailsinstaller.png

3. Plug in the empty USB device

4. Follow instructions and install the image to that from the disc

5. Happy safe browsing! :D

Not to confuse Tails with Tor; Tails is a 'throwaway' operating system which would (typically) wipe any evidence of usage, unless you enable persistence.

Tor is the browser you're asking about, which should be safe to use out of the box. Don't disable Adblock unless you want a larger fingerprint (as you know, those ads are coming from somewhere). Continuously delete browser cache (cookies and the like).. Limit your usage of clearnet sites.. For extra anonymity on top of Tor, you could tunnel through a VPN or proxy.

&nbsp;

Here's a really good stackexchange answer to a question similar to this one.

Joke blog... I doubt it.

However, the RasPi is just a little computer and can run Tor along with an Onion just the same as any other machine Tor runs on.

Directions on creating a hidden service

I would recommend searching Google for these questions. All of this information is readily available.

Yes and no.

They can do forensic analysis of your computer to determine where you went on Tor. If you use Tails this isn't a problem. They can also put spyware on your computer to monitor where you go.

They can also take over a Tor website, or any website, and use malicious code (very often through Java Script) to determine who you are.

Otherwise, when you connect to Tor, not even your ISP or the police can determine what websites you're visiting, unless the police own those websites themselves and are running exploits. ~~By default Tor disables Java Script, so~~ If you turn off JavaScript, you don't have much to worry about unless you start running scripts.

You probably got this pop up because you were on a malicious onion site and they wanted to inject you with malware. Alternatively the Finnish police could also just be tracking every exit node, but this seems implausible.

edit: https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

Your government blocks Tor. You will need to use a bridge.

Send an email to using a gmail account (only gmail works) with the subject "get bridges" explaining your situation. Please do not share the bridge information online, but in person with other people so that those bridges cannot be blocked by the government.

https://www.torproject.org/docs/bridges has the information about this, but if you are unable to visit the site, let me know and I will get the information to you.

They both have their own purposes. My best suggestion would be to look at the comparison on the whonix website, although it's a bit outdated at first glance (e.g. it shows Tails latest version being 3.13.1 which was 2 releases ago.)