PLEASE DISCUSS WHY TOR IS PWNED OR NOT

>Stop listening to people here. They're retards that don't know anything about TOR or how it works.
TOR is supposed to be Tor, m8.

>The NSA doesn't have a super secret math formula to track users through the network.
No, but they have tens of billions of dollars every year, and thousands of the best people working for them, and the cooperation of 4/5ths of the world, and the ability to hack and own the other 1/5th (which they do).

>Traffic correlation takes weeks at minimum
How do you know this? More so, how do you know the NSA takes this long with it, and that an automated system isn't in place?

>and is rendered worthless if you never leave the onion network because they'll be no exit node.
But what if you do leave the onion network, as 99.9% of Tor users specifically seek to do?

>It also gives a shitload of false positives and won't hold up in a court of law.
False positives are easily weeded out in that the other 300 connections to a certain site at certain times will match still.

>Qubes as of course the most secure system out of the box but the least convent.
I thought Qubes was convenient, though? Is it not easy enough for an average Windows user to use? What exactly is hard about it? I was looking forward to trying it, but that discourages me.

>Stop listing to the advice of smug morons on Jow Forums. Whonix, Tails , and Qubes all have great resources to teach you about Tor.

Am I wrong in assuming that using Whonix via VirtualBox in a Qubes VM would be more secure than using Qubes-Whonix (as packaged together), because an attacker would have to jump through VirtualBox in addition to KVM/Xen?

Thank you.

> You should assume they have developed ways to fool the Tor relay finding algorithm in order that their spook controlled relays are chosen
1) Assuming something is always useful if you're going to be paranoid, and yes, you should not trust an outgoing node.
2) That's why you should use your own encryption on top of that.
3) If you talk about timing attacks, well... it's possible, but hard, considering it relies on the amount of data you sent through. That's why you shouldn't torrent over it, the more data, the easier timing attacks are.

This is mostly accurate. Lets not forget the idea that TOR was developed to be secure against state level actors like China and Russia, so it isn't like it can have a very easy NSA BACKDOOR ONLY DO NOT STEAL method to de-user or otherwise mess with TOR or it would mean putting people and info the US gov't would rather keep secret, vulnerable. Having something that requires one state level actor's abilities only means you need to consider other state level actors are also capable if around the same power level so to speak. No matter how great the US thinks it might be, there's nothing leaked or demonstrated that suggests they're so far ahead in capabilities of other top-tier tech powers like Russia and China, not to mention our allies like the EU and "allies" like Israel

Especially after all that is happened, leaks etc... the "we can be the only one with X exploit, or control the network or etc..." is NEVER a good choice. It would take monumental stupidity to try with that gameplan.

Just a daily reminder that Qubes is developed by a "girl"

Attached: LinuxCon_Europe_Joanna_Rutkowska_03.jpg (512x768, 54K)

Why are there so many trannies in the linux world

> is NEVER a good choice. It would take monumental stupidity to try with that gameplan
Or just recklessness. Remember when dh vulnerabilities in CIsco were patched. Or samba v1 vulnerabilities in WIndows, they had existed for a long time.

TAKE THAT BACK.

JOANNA IS A QT AND SHE IS A REAL WOMAN, NOT A TRANS (SRS)

Anyway, why do you retards worry about the NSA? You aren't their target. Worry about Amazon, Cloudfront, Google, Facebook, and Microsoft. Tor will protect you from those fags.

just dont use it from your home connection or too close to your home if you are doing something that would get those after you.

>samba
>Windows
user...

nah desu, his name is Jan Krzysztof Rutkowski, he has papers from back when he was studying in Warsaw University of Technology
He also attended Black Hat a few times with his male name

Ref:
web.archive.org/web/20070208025303/http://www.rutkowska.yoyo.pl/

& pic related

Attached: -.png (519x476, 43K)

I run Tor relays and I keep up with the proposals, to the best of my knowledge Tor is the safest easy to use anonymity system around.
It's not designed to work against a global adversary, but in practice it is a pain in the NSA's collective asses that they can not easily break (source: leaked slides).

>It would be trivially easy to see Bob's connection connecting at specific times to a Tor entry, and then see end node connections connecting at those exact times to [Website].
Traffic analysis if far from being that simple. Tor always has several circuits open, so when you connect to a site it doesn't open a new connection except between the exit node and the site.
Meaning the only thing traffic analysis can see is 512 bytes blocks of data moving from you to a guard. Then the guard constantly sending blocks to other relays, any of which could be your middle relay. Then all of those relays continuously talking to exit nodes. And when you get to the exit node, the fact that it connects to the website at a time t+guard+middle+exit is practically impossible to trace back to the 512 byte packet you sent to your guard at time t.

>Say someone sets up VPN>Tor and downloads torrents or views YoutTube videos non-stop over the VPN (but not Tor) while using Tor to browse. Doesn't that obfuscate their Tor traffic from timing attacks?
No, not at all.

this cuck trusts his vpn as if they would actually wouldnt give up his data

3/10 you fbi scum, try harder next time

trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN#You-X-Tor

I fapped to a tranny.

Attached: freaks-geeks-stink-eye.jpg (500x376, 32K)

Faggot, the most they could give up is "this encrypted Tor connection left this IP address at these times, to a destination that we don't know." The same would be with Tor>VPN, in that the VPN would still sell you out, but would still only be able to say "this Tor end node IP went to this site at these times" and then investigators would go to the ISPs to see which connections in America were going to Tor at those times, or something rather. And if you weren't using HTTPS, they would possibly be able to see what you sent and received from that site.

Thanks, m8. What do you think of Tor over Tor (but with nodes from certain countries disabled so that the problems of Tor over Tor don't happen). For example, in the first instance of Tor, you mandate only Russian, Icelandic, Panamanian, and Hong Kong nodes can be used, and then in the second instance of Tor, you exclude all of those same countries and the US. Possibly even changing the current 10 minute time that Tor re-assigns and reconfigures nodes to a lesser number of minutes, but leaving it as default 10 minutes in one instance of Tor? That might cause extra headaches.

ill go over a couple of your points, but first i want to comment on tor over tor (tor -> tor)

tor -> tor is very dangerous. the parts of tor that guard your connection are the entry guards, by going tor over tor youre adding 3 more entry guards - those same guards who may very well be compromised by the fbi or whoever else has a compromised exit node. by going tor over tor, no matter the other potential benefits, the bottom line is that youre getting 3 more guards, which means 3 more chances to be connected to a compromised node, and thus is highly, HIGHLY discouraged

now yes you are right. lets say the vpn sells you out -- now the government knows that someone was using tor and they can catch you that way. but using tor isnt illegal. thats the point. ALWAYS assume the vpn will sell you out, you should NEVER rely on them to be your last line of defense. that should always be tor. vpn -> tor is only good for when youre in china or somewhere else and using obfs3 with tor or whatever is out today just wont do.

for the rest of us in america and europeland, tor -> vpn is the way to go. always. especially if youre really a smarty, and set up whonix to protect yourself from more attacks than the average lad, and even more based is qubes + whonix

>What do you think of Tor over Tor (but with nodes from certain countries disabled so that the problems of Tor over Tor don't happen).
There's multiple problems with Tor-over-Tor really.
If you limit the countries, then clearly you're going to pick relays from a much smaller pool wich in and of itself is dangerous.
Next the longer the relay chain you use, the more it opens some new opportunities for traffic analysis. If one of the relays on your chain for example decides to freeze circuit X for 200ms every 1s, and that happens to be your circuit, the unnatural pattern becomes easy to spot. Only going over 3 relays is good.
And then there's the more abstract idea that you're outside the safe well-known use case, the big advantage of Tor over everything else is that it has **considerable** amounts of research backing it, the moment you step out of the nominal scenario, all of those proofs and safety mechanisms no longer apply to you. So you're really just blindly hoping that your nonstandard scheme doesn't introduce any vulnerabity or break any security assumptions.

Thanks for the detail m8. I'm debating Qubes+Whonix or OpenBSD+Whonix, as Linux is pretty full of hidden security bugs, supposedly. And if you were to be hacked and Whonix jumped, you'd want them on an OS that has next to no bugs, and has built-in security, such as auto-checking for malware and changes via checksums (OpenBSD). But with how hard OpenBSD is to use, I want to try Qubes more, I think.

Thanks for that info too.

BTW, wouldn't Ungoogled Chromium over Tor be better to use than Firefox/Tor Browser, as Chrome (which is what Ungoogled Chromium is largely comprised of) is almost bug-proof?

I like this thread.

>BTW, wouldn't Ungoogled Chromium over Tor be better to use than Firefox/Tor Browser, as Chrome (which is what Ungoogled Chromium is largely comprised of) is almost bug-proof?
Tor browser has a lot of patches to prevent tracking and fingerprinting, de-googling Chromium is not enough. Instead of you want to be safe/paranoid run the Tor Browser in a sandbox (e.g. bubblewrap)

Can Qubes' DE be easily customized to, say, look like this?

Attached: xfce is the most versatile DE beside KDE.png (1920x1080, 2.09M)

Maybe some VM OS, but the main dom0 isn't ever supposed to touch the internet, or something rather. I don't think you can choose a DE/theme/customization for dom0.

no, because tor is about anonymity, hence why they tell you to not even adjust the size of your window when youre using tor browser. i still disable javascript, but thats the ONLY thing i do to it. the reason for this is so that all tor users have the same browser fingerprint, which is another layer of anonymity. you using some ungoogled chromium over tor is just asking to get caught, assuming they take your computer. you use the tor browser, but suspect A has a chromium fingerprint? youre free to go. suspect A has a normal everyday tor browser fingerprint and so do you? well you still have plausible deniability.

this -> if youre using qubes and whonix dont you have better things to be worrying about than ricing, like making sure your router has pfsense and making sure your computer doesnt have some bios backdoors?

Tor was untrustworthy the second there was a blatent attempt to character assassinate and remove Appelbaum.

what is this meme

>especially if youre really a smarty, and set up whonix to protect yourself from more attacks than the average lad, and even more based is qubes + whonix

Consider OpenBSD too. A simpler system has less components to compromise and is much easier to reason about.

using openbsd as your vm in the qubes+whonix setup?

Stop being a degenerate pedo OP

Used directly and regularly reinstalled from a clean backup. Qubes is good, but Xen has had several security holes, so it's not infallible.

This is true. A lot of the current project leaders are glow in the dark CIA niggers. They probably had some legal formality that required them to eject him to stay compliant with their illegal wiretapping orders. Like maybe his activism in other countries created some sort of conflict of interest in the CIA for involving themselves with the TOR project.

One thing is for sure though. Once somebody controls enough nodes on the network, traffic is instantly compromised.

>They probably had some legal formality that required them to eject him to stay compliant with their illegal wiretapping orders.

Or some members were deliberately introducing security holes and he was picking up on them.

>Tor relay
Pedo?

TOR is literally sponsored by the US gov. Pretty sure it was started by the US gov too. You're surprised that some CIA US gov agents are working on a US gov project?

k kid

>Stop being a degenerate pedo OP

>implying OP isnt just trying to buy some canada weed

>canada weed
OP should go to Canada then.

Is the future

Attached: zeronet.png (512x512, 63K)

colorado weed then

>colorado weed
OP should deal with his problems like a man, instead of being a lazy stoner.

>gentooman should deal with his problems like a man, instead of being an angry drunk

fuck this thread

put the moonshine down, jimbob

Ultimate state of fa/g/s.
>plz let me rice my distro else no c00l :(

t. NSA operative.

Attached: 1528623199920.jpg (119x102, 4K)

What is a safe alternative to accessing the onion without tor

Real world.

quads of TRUTH

Quads never lie. CIA niggers exposed

no i2p nerds in here? I wish more exit nodes existed :'(

I2P, Greener, Zeronet and so on is dead. Tor is soon too

Freenet* Fucking shit botnet Google phone won't allow me to type that shit

I2P is great, but unfortunately it doesn't allow you to browse the regular internet except for one or two horrendously slow exit nodes to the internet.

Why are they all dead? Why is Tor soon dead?

technically it's not anonymous. it's just that the organizations in control of it, don't have the resources to waste money on some junkie buying drugs

by those means you can protect yourself. but if the NSA wanted you, they would have by now

ITT: FUD

Normies don't give a fuck, Jow Forumsentlemen only care about ricing and "free software", not free internet.
The only ones who care about it is criminals and hackers basically

Then there is the underaged fags who watched some "EPIC DARKNET STORIES" on YouTube and think it looks HELLA COOL XD, but they don't host any notes. I personally host an exit note, but that's only because I live in Scandinavia where they basically can't do shit. I do get calls from the police every now and then, but I just explain that I have an exit note and then they leave me alone

I figured since you can't solve traffic shape may as well make an IP level onion routing network.
I LIKE WATCHING THE WORLD BURN :D

tl;dr do you host a note? No? Then chances are that 98% of the other users aren't either. That's why it's dying

Node* fucking shit phone

>blaming the phone for your shit typing

Hold up, are you saying the police in Scandinavia actually telephone call, letting you know that you may be under investigation? .. or .. are you using the term "call" as in the police making a physical visit? . . . to tip you off that you may be under investigation.? whaaaat?

>I’m comfortable and happy being a woman, although I do realize the absurd of the rigid classification of human beings into two simple subsets: males and females, and always surprised how deeply this influences people.

oh "she" is so a tranny

blog.invisiblethings.org/about/

Attached: joanna.jpg (2202x2202, 659K)

>invisiblethings

like her uterus

Tor is just a Free Software VPN but times 3 (at least), since this chan is basically filled with dataminers (hell, it IS a dataminer) the """""""anons""""""" here will try to prove you that it is pwn'd (because it's not like drug/gun dealers, Snowden (former NSA agent that proved to us that botnet is real) Assange (Founder of WikiLeaks, also known as that smug motherfucker that tries to destroy goverments, he's cool tho, no bulli), people in countries like China, 1337 haxxors, pedophiles, etc. are using it)
also, even IF something something, it's all encrypted™, yo

Attached: 79.jpg (480x401, 29K)

Looks like this faggot has made enough money to get a lot of plastic surgery. Can't hide those hands and shoulders in the picture above though

no one wants to host exit nodes because they will be abused and most people wont want to deal with that

They call me asking about large suspicious amounts of activity coming from my network. Tell me they got logs they can refer to and if I know anything about it. If I say no they will probably come visit me in person, but explaining the situation usually works

Bump. Fags.

first reasonable response in this thread.

You're fucking retarded

yes it's safe but only if you disable everything and don't browse like a retard. Stop watching movies and shit. The government is incompetent as fuck irl

>ITT: Idiots thinking they understand Tor.
Lol, Jow Forums is such a shitfest now.

Just so you know, that isn't how Tor works.

>He doesn't understand VPN, or the fact that no non-logging VPN company has ever been used as a source of evidence in any case, ever.
Why is Jow Forums full of Jow Forumstards now?

Nice valid and credible sources you linked there OP. Oh... wait... You don't have any.

You'd think people would know the actual design/engineering flaws that are present in Tor and not these unsolved problems that are pretty insignificant in comparison (correlation attacks).

For instance, the biggest threat facing the Tor network today:
lists.torproject.org/pipermail/tor-dev/2012-March/003347.html

This *still* hasn't been fixed and is a legitimate design issue: trac.torproject.org/projects/tor/wiki/org/meetings/2018NetworkTeamHackfestSeattle/RelayCrypto

Beyond that, there's things like the Sniper Attack: nrl.navy.mil/itd/chacs/biblio/sniper-attack-anonymously-deanonymizing-and-disabling-tor-network
which I don't think has been fixed either.

Don't argue about VPN->Tor or Tor->VPN; if you have a brain fix these open problems and research areas.
But neither you nor I have a brain.

Don't use a VPN with tor.
There are attacks that may be possible on the tor network, but they are generally not feasible in the real world thanks to the size of the network and the level of noise that appears in a network that large. The internet is pretty large, and while you could collect a fuckton of timing data, there simply isn't enough processing power to really do enough with it. The best we have is probabilities. A maybe.

The best sign though is that if there's CP still on it, it still works.

It probably still needs to use clearnet stuff like routing protocols to get to the proxy nodes

The devs of tor care about anonymity very much, especially against state actors. A summary is that their intended users live in countries like Iran, North Korea, etc, where if your identity is discovered, you get murdered by the state. Although murdered by the state sounds like something the US does a lot too.

Anyway the point is that state actors rarely share state secrets with each other. For example, if a tor node is in russia and one is in the us, the NSA would need to know the russian switch backdoors and the cisco backdoors (I really want to find the backdoors since they'd be great for pen testing) to really do anything about it.

Problem is that then you have 'this guy uses tor' as the information extractable. For a timing attack to work you need to have compromised every single node in the chain, including the target. Not really possible. Especially since you'd need to find out what the nodes where in the first place.

Bump

all the people publicly deanonymized despite using tor have been traced through other channels, never tor itself.
the most effective way for nation states to attack tor is to tell people it is insecure, because actually breaking its security is insanely resource-intensive relative to the cost of letting an individual break the law with tor.

if you're just a regular guy or low-level criminal on tor, you're effectively anonymous. if you stole national security secrets from the americans then you should be a bit more worried, but not because of tor itself - your opsec is probably lacking in other areas and made you traceable.

Desperate disinfo.

t. NSA

Dude you will not win against a colonial empire spanning the entire globe

>in order to connect to Tor you first usually establish a clearnet connection
>Tor requests are easily distinguished from clear web
>when you connect to Tor you contact all the nodes you're connecting to
>if you connect to a malicious/NSA exit node (or any node, really) they know the exact time of connection
>ISPs know exactly when you're connecting to Tor
>NSA can easily get this information from ISPs
>your ISP knows exactly the packet sizes of shit you download, and so do all nodes you're connected to
>NSA can easily narrow you down since they know the ping and download sizes of data you're getting from Tor, if you're connected to their node
>by using this information taken from ISPs about every user they can figure out your exact identity and it only gets easier the longer you're connected
>therefore nobody using Tor is truly anonymous unless you reset your connection every 30 seconds

Tor is compromised since 2012
Sage & cage this trash

If i wanted to contribute to tor what do i run, an entry node or exit node or what?

Either. Try exit node first.

I wrote a toy onion routing protocol, i am convinced that it's impossible to get rid of tagging attacks just because of the nature of onion routing.

Ya'll niggas need to chill. The government really isn't this strong or has this kind of reach.

Found the CIA cuck. They probably already have quantumm computers

t.nsa