Tor thread

>continued
We can't beat the nation states. They have infinite money and authority. All we can do is be irrelevant.

>Trusting java software
exploit-db.com/platform/?p=Java

Attached: retard.png (645x729, 56K)

not using i2pd

Im pretty new to this, but what does stop a VPN from erasing all traffic records after a certain period of time?

Sorry user. Internet anonymity is truly dead. You can't hide anymore.

tor has been a mess for a while
haven't trusted it since the blow up in 2012 or 2013 or whenever with that js exploit
silk road being shut down was another large blow

If they store records in the first place (logs) then they may be required to turn them over, provided there is a court order. However, there are no data retention laws in the US, so VPN providers can subvert this requirement by not keeping any activity records. Also, many VPN providers use shared IPs which makes it virtually impossible to pin a particular activity to a particular user, even if logs are kept. This is by no means foolproof and you should look into combining options.

>javascript vuln executed in browser
>captcha misconfig leaking true ip

Neither of those two highlight a flaw in the tor network.

Does it really matter if the government knows what you fap to in current year? 50 shades of gray was a blockbuster.
Besides CP I don't really think anyone's going to fail a background check over a specific kink.

Attached: 1422066226796.jpg (573x393, 19K)

none of this exploits has anything to do with i2p and few of them have anything to do with java in itself

What does Dingleberry have to say for himself? TOR migrated to a an entirely new backend since last August to supposedly bolster and augment the security of it. Is it correlated?

The goverment as is can target indivual users and de-anonomize them with hacks or honey pots but using tor will make it a lot more expensive to do passive surveillance and likely deter any non individualized attacks.

>likely
Its designed to be compromised and this is common knowledge.

>trusting computers

>zeronet
botnet

If Tor is no longer safe then why does tails,qubes and whonix continue to use it? Is there no alternative (other than i2FBI or memenet)? I've made the personal decision to never load Tor again, its just too dangerous nowadays

You don't seem to understand how Tor works. Even if 100% of all exit nodes would be owned by some agency, they couldn't find you since you're behind a chain of other nodes. The only thing that deanonymizes users is JavaScript, Flash, and all the other trash you shouldn't use with Tor anyway.
Use Tor and use it correctly, which means using the Tor Browser and reading the documentation to understand how it works.

>If Tor is no longer safe then why does tails,qubes and whonix continue to use it?

Because saying its unsafe is an FBI meme

Attached: IMG_4580.gif (245x175, 1022K)

Tor being unsafe is a stupid neo Jow Forums meme.

Please have a 30 second browse of deepdotweb.com and then tell me how it's a meme. People are getting arrested today for shit they did back in 2010.

>l-look! this dump pedo/drugdealer was a fucking idiot and got arrested! Tor insecure!
lol

>surprised that an outdated browser has vulnerabilities
>the same browser that puts a fuckhuge banner whenever there’s an update available
Also, this is a problem with the user and browser, not the network. Snowden’s documents showed that Tor is the best we can get since the NSA and friends cannot easily target someone.

but yet tor browser has javascript enabled by default...

The Tor project has said before that they do this so more people use the browser, which increases anonymity. They have a slider so you can pick your security mode.

>give a home address for shipping
What else are you supposed to give?

Tor was dead in 80's.

Because sellers are smarter

.onion sites "lose anonymity" by either being infiltrated by the feds or by leaking true IP through some misconfiguration. There is simply no way to determine your true identity when using tor otherwise. That being said, should the site you're purchasing crack on be compromised, you're going to get busted

Edit: with infiltration being social engineering

Your step dad's address

Pedos and drug dealers who were under the "anonymity" of Tor, care to explain how it keeps happening? If it can be used to target one group then the same method could be upscaled to attack everyone.

FBI false information distribution in progress

Tor devs themselves admit that its not NSA proof

It also has noscript enabled by default

>Does it really matter if the government knows what you fap to in current year? 50 shades of gray was a blockbuster.
>Besides CP I don't really think anyone's going to fail a background check over a specific kink.
twitter.com/Snowden/status/927931508177997826

Yes. Your reputation can still be destroyed if you're into weird porn. Huge swathes of the public still think that all porn is immoral. The government actively keeps track of the porn habits of undesirables. Finding (or planting) CP is the jackpot for them, but the mere fact you're not into CP does not protect you.

>OMG GUYS TOR IS INSECURE LOOK AT ALL THE DRUG BUSTS
meanwhile drug dealers are literally uploading their exact location

Attached: file.png (569x200, 25K)

>Huge swathes of the public still think that all porn is immoral
Huge swathes of the public are also hypocrites, intentionally or otherwise.

>shared ip

you mean like NAT?

So is a VPN safe enough to browse and download? I use a VPN for shit like pirate bay but never once dipped a toe into shit like .tor

they are ways TO DO IT RIGHT
if your using tor on windows you are a fucking moron!
only on vm with the right os like kali linux or parrot.
you need to install all the relevent rpms
you need to change your mac adress hide your ip and use proxy chain
any other additions will be welcome for better security...
so if you are trying to be the new faggot on tor dont!
learn to do it right

All of this EXCEPT the VM part. TOR/TAILS explicitly warn against using it within a VM because VM software, being proprietary and sometimes obfuscated, has the potential to leak computer information or be exploited. If you're going to use a VM, it should probably be a one time usage, but never beyond that.

>you need to change your mac adress hide your ip and use proxy chain

what's the fucking point? only the first relay can see your mac adress

Fucking this, jews pls go

>Even if 100% of all exit nodes would be owned by some agency, they couldn't find you since you're behind a chain of other nodes
>what is traffic correlation attack
the absolute STATE of
you know the drill

cmon buddy, it's the most widely known non-PEBKAC tor vuln

never heard about that can u give me some souce
my good man?

It's on their website FAQ/Security Tips or whatever. And it should be self evident anyways.

i just checked that site out and every article is literally idiots buying drugs from undercover cops and dumb pedophiles sharing CP on fucking icloud. not one mention of any tor exploits whatsoever at all.

now begone fudster.

>be a one time usage, but never beyond that.
actually my first time project on tor was on vm inside usb that i was booting every time without saving anything on my pc
maybe your right and i forgot to mention not to fuck with that too much you can never know waht will leak

Yeah, see there you go. VM's if you're using them on a permanent install will leave traces and logs that can then be used in parallel construction by Digital Forensics investigators.

live cd is the way to go. and i do mean live CD. not USB. USB's can be mounted with persistent storage. CD's are ROM. You want to boot something like tails or whatever from a CD. Also if you have any HDD installed in your machine remove it. Use only live media. If you need to save data for use an encryed usb stick encrypted with LUKS. But even all that wont protect you from making stupid mistakes. Like using it from your own IP. Or giving away details about yourself.

>But even all that wont protect you from making stupid mistakes. Like using it from your own IP. Or giving away details about yourself.
Tru. Almost every single high profile bust only came to fruition because of poor or mistaken OPSEC. The literal digital equivalent of busting Al Capone for tax fraud.

shred the disk run on live usb the save is on the machine so nothing is on your drive...
the ip can be hide by proxys and if you know python you can run hidden bots on tor so you will be fully prrotected

And how are we exactly going to do this?

actually if it's a live linux OS it will store any data during the session in either A: Persistent storage partition on the USB stick if selected at boot. Or B: /dev/tmpfs which is a ram disk.

Nothing wrong with using a ram disk. any data will be destroyed when you power off.

Here you go user:

vpnuniversity.com/learn/shared-vs-dedicated-vpn-ip-address

with globally allow scripts enabled (lol)

more on /dev/shm /dev/tmpfs and how it works: cyberciti.biz/tips/what-is-devshm-and-its-practical-usage.html

Depends on what you're browsing or downloading. If it's CP on a FBI honeypot no, they can (and most likely will) coerce the VPN provider to cough up your info (provided they keep it). If it's tentacle porn from pirate bay you're absolutely safe. Tor node operators actually dissuade users from downloading large files through the network as it slows it down for everyone else

this is one of the many things people dont realize
they use the same pc when they use facebook watch porn and using there paypal and visa acoounts emails and what not..
and with all that browsing tor to the darkest places and maybe even uses services and buy stuff thats what make them caught...
the lesson is dont do shit you dont understand

let us practice this technique.

first do df -h to see your mounted filesystems. make a note of whats there.

Next lets create a mount point for our ramdisk. sudo mount -t tmpfs -o size=5mb tmpfs /dev/myramdisk

now lets run df -h to confirm it's there.

now lets play with it. touch test.txt /dev/myramdisk

should be a file there. congratulations your using ram as a storage device.

>using tor without disabling javascript
top kek

Just use it on a connection which either doesn't belong to you or has been paid in cash, that way your real IP doesn't link back to you IRL

not saying: >b0tnet

How can you tell which one is a honeypot and which one isn't?

WE BUILD CHIP FOUNDARY FROM SCRATCH!

Attached: 1521487286729.png (406x452, 33K)

If you VPN chain and use either end then you're in a pretty good spot. If you're being super illegal, maybe do the actual actions out of a VPS too.

What are hidddn bots?

If you don't use the persistant volume then surely USB's are ok?

I've been using Tor for years. It's safe as fuck, just disable javascript and you're Golden.

>How can you tell which one is a honeypot and which one isn't?
t.retard

As per operational security strategy, you should always assume you are compromised, and hence take actions to minimize your exposure.

> care to explain how it keeps happening?

because they're retards who didn't use common sense. tor is secure if you have common sense.

this

>Is it fair to assume that in the year of our Lord, Tor is likely to be almost 100% comprised?
No.
>People are getting discovered at a rate never previously seen
Evidence?
>(check deepdotweb.com for reference)
Literal brainlets busted for doing brainlet things.
>and countries are adding ever mounting pressure to locate users.
They can do whatever the fuck they want but it's useless against Tor.
>So, can we assume that almost all of the network is being operated by government agencies?
No, that would go against their own interests.
>If so it must be abandoned.
Thank for the suggestion Special Agent Faggotson, but no.
>But what alternative is there?
An even more obscure network which means you are more easily identifiable.
>We have i2p but that's vulnerable to the same extent as Tor due to both protocols using voluntary nodes.
You're jumping to conclusions without presenting any evidence that volunteer-run nodes are harmful.
>Upstream monitoring for the purpose of correlation attack becomes a threat with voluntary nodes,
Traffic monitoring is effective regardless of who runs the nodes, but it's expensive and time consuming, thus not scalable to any significant extent.
>but fixed nodes could also be attacked.
And this is a non-issue due to how Tor is designed.
>It seems as though nothing is truly anonymous anymore
Oh wow, what a revelation. Wait until face recognition hits mainstream.

tl;dr OP is a shill trying to scare people away from Tor

Anons ITT have given some good reasons as to why Tor shouldn't be trusted. The main one being that Tor was knowingly released to enemy countries for covert usage, so that gives NSA a good reason to control 90%+ of the network. They can spy on what countries like Russia and Syria are transmitting

tor relays are run by lots of different people. exit relays are irrelevant anyway. internal relays are all that matter. in fact if people would stop using exit relays tor would become 100 times more secure.

even so tor is safer than VPN's. you have to pay a VPN to use it. So they have your credit card info. Even if you pay with buttcorns it still leaves a trail.

I would suggest something along the lines of repurposing Monero's architecture and just applying it to HTTP packet delivery + untrusted DNS servers

Enlighten us faggot.

A honeypot doesn't have standard telltale attributes, particularity one run by a federal law enforcement agency. If it's set up by some ambitious IT guy to catch skids scanning his company's network, then you could look for a set of sensing services. In the case of the FBI, it's there to log ips of visitors to the site which can be tracked back to the provider. There's no way to distinguish legit site vs FBI honeypot.

The majority of busts have been due to old fashioned detective work and sting operations.

Not everyone is covering their tracks and we just need one slip up to allow access into the chain of networks.
A single user can be used as a front website to put users at ease and lower their guard.
This allows a greater chance of them releasing information that would allow their detection.

>sure bud mail them to this abandonded house mailbox.
>agents wait for random person to visit mailbox to pickup drugs

There's no plausable reason for a random person to open a abandonded mailbox therefore we have our guy.
Then we offer a reduced sentence for co-operation and the cycle continues.

Believe it or not agencies aren't all Cyber detectives.

And that's why CP downloaders keep getting caught despite the crime containing no address. Ever noticed how ALL guns have mysteriously vanished from Tor?

Building a chip fab isn't a viable solution. New hardware shouldn't be new personal computers but rather be limited to networking equipment. It is also a good idea to begin designing new software (up from the OS level) for specific hardware with few known vulnerabilities. Also consider that the human element is still on if our biggest security risks.

You clearly don't understand how Tor works ( or rather doesn't work )

so why hasn't something been implemented around a blockchain to eliminate trust yet? seems like the obvious solution

it's spelled heroin, user. you should care about things like spelling and details if you want to write nonbuggy code.

Because its a trap and they don't want to make it safe?

>Building a chip fab isn't a viable solution
Why the fuck not? Maybe the machines would be huge and slow, but that really shouldn't matter.

>catches auto-correct context error
>lectures about buggy code

Attached: rich_evans_his_smile_and_optimism_gone.gif (300x278, 2.84M)

I love these pictures, compared to dumb frog meme - it's actually a good addition to Jow Forums community.

99% of the times I think a poster is dumb or having an educated opinion and I also hover over the replies to him there's a image like that !!! With this type of confirmation it just saves you time and overall improved quality.

Use a Cryptocurrency tumbler.. a lot of ways to do it:

Either buy monero straight away.. or buy monero - trade for bitcoin - tumble bitcoin and use that.

But again you could just use monero and only have to move it between wallets.

No he clearly does. You clearly have absolute zero clue.