How do cybercriminals get caught while using Tor? I thought this technology was 100% secure?

>literally receives government funding
>secure
Yeah, websites might not know who you are, but the FBI certainly does :^)

>How do cybercriminals get caught while using Tor?

By posting information about themselves that can be used to obtain their identity, or by having their personal information stored on servers which are either honeypots, or become subsequently seized.
Tor provides anonymity, not security, that's up to you.

Tor is quite literally developed by the US military.
Furthermore, if anyone controls your entry and exit node, you are clear as daylight going to jail if it's criminal activity you're into.

Communications between the client and the initial relay node are encrypted, that node cannot see its contents, and they have mitigated against the previous hypothetical timing attacks.
Controlling the exit node has no effect if you're visiting .onion sites.

either intentionally or unintentionally creating links from their darknet identity with their real identity or retards using windows with an old version of tor browser and javascript enabled

>100% secure
Literally doesn't exist

tor in itself works just fine.

how morons get caught:
social engineering (revealing personal details, typing a certain way which is recognizable on clear net, etc.). NASA/FBI probably has dozens of automated programs that scan all text on illegal .onion sites and try to compare it to anything written on clear net for matches.
bad opsec (improperly configured tor browser, bad site security, etc)

Same way as everything else. Security doesn't matter if it can be bypassed.

Timing attacks
and OPSEC sloppiness

By having JavaScript enabled

>what is Google

google.com/url?sa=t&source=web&rct=j&url=#&ved=2ahUKEwiJjPa5xeHgAhVM6uAKHQeJATEQwqsBMAF6BAgHEAo&usg=AOvVaw0VTJzWxrN8ZFOD4xbU2nov

>&url=%23&ved=2ahUKEwiJjPa5xeHgAhVM6uAKHQeJATEQwqsBMAF6BAgHEAo&usg=AOvVaw0VTJzWxrN8ZFOD4xbU2nov

Looks legit, bro.

these

If they found a pattern on YOU and they control your entry point to the Tor network, AND find YOU on the other end, you're busted. And they can do that. Entry and exit nodes are UNENCRYPTED.

>Entry and exit nodes are UNENCRYPTED
How do they break, for example, SSL, or PGP?
If you are talking about someone using it to connect to a web server which does not use encryption, if you can still find one, then yes, those packets can be captured and their contents read like any unencrypted packets can be. If you're connecting using SSL, then no, they cannot. If you're referring to the destination server being known, then that's how networking inherently works. If you're referring to something else, please do elucidate.

50% + of nodes are Government honeypots. Once u get a compromised entry and exit ur comped
Use a vpn for tor, if ur gonna do some highly illegal shit use two different vpns with the second one bought with bitcoin and in a vm, where your host machine runs a different vpn

You're right. We're talking about hidden services. They can't break the encryption. I was wrong in my previous post.

If you control enough endpoints you can do timing attacks and generate lists of people accessing TOR endpoints by getting their ISP subscriber information. This list is small enough to sift through effectively because TOR is a niche service used almost exclusively by criminals and degenerates. The timing attacks are extremely fucking easy to do due to the nature of HTTP and short request response duration.

The second way is through zero days that are purposely introduced into the TOR project through compromised developers. Keep in mind that all the US gov has to do to turn a developer is tell them they have to do it, Americans have NO rights when it comes to enforcing national security. These zero days are NOT disclosed when used to catch high value targets.

What does that URL do?

this guy gets it. also host the vm's in foreign countries paid for with monero.

/thread
Basically don't be an idiot.

This shit is only applicable to those hosting .onion sites. Their threat model is not comparable to a random user using tor at all. It should also be noted that no 'high value' target has been busted with any of these proof of concept methods.

Why did the FBI need to create malware (which required a specific version of tor browser and JS being enabled on a specific platform) if they could just do any of these aforementioned methods?

techdirt.com/articles/20170106/08320436415/fbi-dismisses-child-porn-prosecution-after-refusing-to-hand-over-details-hacking-tool.shtml

NASA is on it as well? WTF

This is how they do it
google this
TOR super fast sentinel law enforcement supercomputer
The PDF you find will tell you in great detail how they do it.
Basically law enforcement has spent the best part of a decade putting up both entry and exit nodes that are fast and many of them, adding them slowly over time. They have the entry node which tells them where data is coming from and the exit node which tells them where it is going to. They rent time on supercomputers; it is cheap, fast and allows them to virtualise hundreds of nodes.

I hate the FBI so goddamn much

watch your tongue, potential terrorist

Do I use standard settings on tor, or do I set it to safer or safest in security options?

>fearmongering
Anons, speed has nothing to do with "muh supercomputers" or how much money someone throws at one. It's about NETWORKING speed. That is limited by cables and NICs. Furthermore, let's end this shitty FUD about speed. The current version of Tor browser doesn't show node locations, but in the versions that did, the nodes you would be connecting to were different every time, and you could always reset them to get a new identity and new set of three nodes. The idea that Tor only takes the fastest route to get to a destination is nonsense. That's how the CLEARNET works, not Tor.

Yes, that's the malware I mentioned. Why create that if they could just use timing attacks since it's 'so easy' apparently.

I think you need to spend another week fully reading on tor security before you do anything.

user error.

>javascript enabled
>fullscreening the tor browser
>using a compromised exit node
>providing sensitive info without PGP encryption

Doesn't the feds run this as a trap for niggers?

No, that'd be incredibly stupid and counterproductive considering the millions of people that get away with using it every day for illegal activity.

And yet, clearly, and without reservation, TOR is compromised. Now, ask yourselves who do you believe: teams of network specialists paid, not only to teach thousands of people about advanced networking ideas (professors in the computer industry) or this guy
Law enforcement don't even have to pay professors and PhDs in computing to come up with ways to defeat TOR, they do it because they are against terror, against child abuse, against fraud, they do it because they are reasonable human beings who want to live in civilisation, not some sociopathic nightmare
All you have to do is search Google for long enough, spend an hour or so, looking at how law enforcement across the world are using methods that crack tor wide open. These people are geniuses of computing pitting their wit against you, a guy in your bedroom just praying law enforcement haven't discovered you yet

If they're so powerful, why are there still any terrorists and pedos and criminals left? Wouldn't they have all been caught long ago?

glow harder

>It's about NETWORKING speed. That is limited by cables
Did you ever hear about fibre? Or do you know about the speed of light? Or multiplexing? No? I figured.

Are you this stupid? Seriously?
No because they don't all use TOR or the internet, but the ones who do are going to get caught hahaha
]2019 - that stupid as to ask
why are there still any terrorists and pedos and criminals left?

This. As long as you've done your homework and dont make some retarded error like this, youre fine.

This guy was the king of the silk road for God's sake. They didn't use some obscure networking algorithm to pin him down. Or any malware. They connected his fucking username to his gmail account.

>fullscreening the tor browser

Explain yourself.

Fullscreening means they can see what resolution you use. Just one of those things that help them identify you.

Interesting. Thanks.

Poor Operations Security
>Example: using information that ties them to their real identities when using hidden services

> what is a honeypot node

does this matter if javascript is disabled? panopticlick.eff.org suggests figuring out resolution requires javascript, but tor browser gives you the warning regardless

>How do cybercriminals get caught while using Tor?
Because you're not anonymous when you're the only retard in a 20 miles radius to use Tor at a given moment

I think resolution can be deducted through CSS fingerprinting, too.

I want to run tails with a vpn. Or maybe whonix.
Wat do
What is the most secure host for whonix that also can run a vpn?
Too bad there is no easy way to get openvpn on tails
I'm stuck here
Is there a distro that has everything?

Is kodachi secure?

Fiber-optic and the speed of light are still limited by standards when it comes to computing. Look into networking standards, namely the [speed type]BASE[2 letters] standards for ethernet. Shit doesn't go faster than what's standardized.
And once again, fastest speed to destination isn't how Tor works.

Must be difficult to go through life with such a debilitating and evident mental deficiency.

why does the resolution even matter?
billions of people use 1080p screens, they won't be like
>"ah, this guy has a FHD screen, it must be Hans Muller in the Sesamstraße! go get him"
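Added example, not part of the thread: a small anonymity-set calculation for the resolution question above, showing that a common window size says little alone, that each extra attribute shrinks the set of matching visitors, and that an unusual maximized size stands out unless sizes are rounded into buckets. The visitor population, the attribute names and the 100-pixel bucket step are constructed assumptions for illustration, not measured data and not Tor Browser's exact rounding rule.

```python
import math

# Constructed population of 100 visitors: (window size, timezone, platform).
# Made-up values for illustration only, not measured data.
VISITORS = (
    [((1920, 1080), "UTC+1", "Win")] * 40
    + [((1920, 1080), "UTC-5", "Win")] * 30
    + [((1366, 768), "UTC+1", "Win")] * 15
    + [((1920, 1080), "UTC+1", "Linux")] * 8
    + [((2560, 1440), "UTC+1", "Linux")] * 4
    + [((1912, 1043), "UTC+1", "Linux")] * 2   # maximized window, odd size
    + [((1680, 1027), "UTC+2", "Mac")] * 1
)
FHD = ((1920, 1080), "UTC+1", "Linux")   # visitor with a very common size
ODD = ((1912, 1043), "UTC+1", "Linux")   # visitor with a rare size


def anonymity_set(visitors, target, fields):
    """Number of visitors sharing the target's values on the chosen fields."""
    key = tuple(target[i] for i in fields)
    return sum(1 for v in visitors if tuple(v[i] for i in fields) == key)


def surprisal_bits(visitors, target, fields):
    """Identifying information in bits: -log2(share of matching visitors)."""
    return -math.log2(anonymity_set(visitors, target, fields) / len(visitors))


def bucket(size, step=100):
    """Round a window size down to a multiple of `step` (assumed step)."""
    width, height = size
    return (width // step * step, height // step * step)


def with_bucketed_size(visitors, step=100):
    """Same population, but reporting only the bucketed window size."""
    return [(bucket(size, step), tz, plat) for size, tz, plat in visitors]


if __name__ == "__main__":
    for label, fields in (("size", (0,)), ("size+tz", (0, 1)),
                          ("size+tz+platform", (0, 1, 2))):
        print(label, anonymity_set(VISITORS, FHD, fields),
              round(surprisal_bits(VISITORS, FHD, fields), 2), "bits")
    rounded = with_bucketed_size(VISITORS)
    odd_rounded = with_bucketed_size([ODD])[0]
    print("odd size, raw:", anonymity_set(VISITORS, ODD, (0,)))
    print("odd size, bucketed:", anonymity_set(rounded, odd_rounded, (0,)))
```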

>I thought this technology was 100% secure?
Then you're a retard.