FBI Honeypots on TOR

So if I understand correctly, honeypots are websites or services that promise to provide you the desired service but instead are used by authorities to log your information like your IP address.
But if they use this for hidden services how does it work? They won't know the true IP address of the user anyway because in the tor protocol the user and server meet at a rendezvous point so that the server doesn't know anything about the user and vice versa. So how do people get trapped in them?

Also general TOR thread


>But if they use this for hidden services how does it work?
javascript/browser exploits, or bad operational security of the user (for example using a username that you use elsewhere, on non-hidden services).

just use curl with tor hidden service and be safe desu

I forgot, the timing that you connect to tor can also be something that gives you away, especially if you're already under surveillance. Look at how the FBI got Jeremy Hammond.

I too was about to mention timing. Can't explain right now because I can't remember my past knowledge about it. Might have to look it up.

Yep. Also correlation attacks are possible.
e.g. they own the exit and entry node. Unlikely and does not affect hidden services.
Or by doing traffic analysis, it is possible to time your activity.

I run TOR at the "Safest Preset" that disables javascript on all websites. Anything else I should do?
are traffic generators a good workaround for this?

also I saw Tor officially released its browser for android on f-droid. is it as safe as the desktop version or are there any drawbacks?

Why is tor such shit? Literally everything is ddos'd


just don't do illegal things :-)

Dude, don't do it. You're too technology illiterate to do stupid things on the dark web
If you don't want to get caught doing illegal shit, just don't do it

illegal to report on corruption or other abuse
get harassed by brainwashed peers that trust talking heads

i don't wanna do illegal things and probably won't open the dark web because i mostly go there once a week to hang around at some chatrooms.
I'm only asking to browse more privately and I recently read about how the tor protocol works so this question came in my mind and that's why i asked

i only use TOR for the rebirthed Good Old Downloads

Look into qubes+whonix. Using Tor in a virtual machine, or even better, on a dedicated computer, will prevent browser exploits that potentially could acquire sensitive information such as username, hostname and MAC address. It also prevents exposing your files. For example they could find some personal photos or documents and link it to your social media or cloud account. You might also want to avoid using your home network since the MAC address of the router could be obtained which would give away your location since smartphones (both iOS and Android) scan for wireless APs and tie them to their geographical location for use by network location services and targeted advertising. If your router supports OpenWRT you can install it and spoof the MAC address of the AP(s) and both the LAN and WAN interface. Then you could set up a cron job to randomize them at a set interval.

Openly funded by the government. That's all you need to know

Tor is literally backdoored. But you should still use it because it helps you stay away from corporate botnet.

What is that?

it's a necessary evil for the government and they need it too so they fund it
yeah, it's backdoored and still the authorities have a hard time shutting down hidden services

>have a hard time shutting down hidden services
They don’t though.

Can you post a source indicating that a timing attack was used to deanonymize Jeremy Hammond? From what I can tell, he got ratted by a colleague.

youtube.com/watch?v=QT63Gl8ya2g

great video. btw anyone has any info on the memex search engine for the dark web by the feds

this is correct. This is how they've caught all of the high profile tor users

Yeah they can shut shit down easy, they’re just too bloated and incompetent to do anything at a reasonable pace

Because people are trusting and dumb. Working with people you know will always be greater than relying on a browser and not really knowing who is at the other end. I do like TOR though sometimes.

because the honeypots target bad opsec primarily, people who use real names or actual home addresses when buying shit, not mixing their bitcoin etc. they also utilize browser exploits, however the only known attacks come from when users failed to update tor browser or were fucked by javascript. if you have good opsec, stay up to date and disable javascript, you literally won't get caught doing anything.

that said, i2p is a better solution for darknets as its model is far better for anonymity as opposed to tor.


he was set up by a fat retard called Sabu (Hector Monsegur). the exploit information was given to Jeremy by the fbi informing snitch. he was set up. tor had nothing to do with it. the FBI had IRC logs.
you're wrong, faggot. that didn't happen in this case, but it has happened in others.

>that said, i2p is a better solution for darknets as its model is far better for anonymity as opposed to tor.
i2p will never be better than TOR. i2p is slow as fuck, written in Java and unreliable for those stuck behind firewalls or dns settings they have no control over.

>le funny meme video dark weeb very secret and bad
fuck off

>tor protocol
brainlet thread

2019.www.torproject.org/docs/onion-services.html.en

>So how do people get trapped in them?
Through scripts, timing, using Tor from an unsecured everyday machine with personal data, with a maximized window that gives away your screen resolution, etc, etc. Too many brainlets using tor, it's too easy.

It should only be run from a live USB with no personal data, from a place that's not your home, with the window not maximized, no scripts and preferably using another proxy untraceable to you for additional layering.

you're the brainlet.

Tor is a browser
Onion or rendezvous is the protocol
do you know the difference between app and network protocol right?

tor is a service. tor browser is a separate thing that bundles tor with firefox. people use that service with non browser applications too like irc for example

>rebirthed god
Can it only be found on darkweb? I miss god.

this.

get tails. go to some free wifi spot with no video surveillance. get throw-away thinkpad. you should be good. don't visit the same wifi spot over and over again though. tie your tails usb to your wrist in case you have to remove it quickly from the usb port. dont be the only person using the wifi spot.

>Tor is a browser
holy fuck you are stupid. Tor = The Onion Router. It’s a network. You do know that the Tor Browser Bundle (TBB) didn’t always exist right? You used to use polipo and normal firefox.

Post onion

avoiding honeypots is easy. just avoid black markets and pedoforums.

Please be real.
I'd use tor if it's real.

goggamespc7v6z5e.onion/
literally just had to google

you're like a baby.

first you need to get a thinkpad. don't buy it online, search in shops like Goodwill (at least 50 miles from your home town). remember to wear disguise like glasses, fake contact lenses and a beard, talk with an accent, pay in cash. then you get it librebooted, remove the hard drive. get a usb stick with hardware encryption and use it to run tails from (download the iso from a public wifi).
then you go to a remote location at night (again wear a disguise) and preferably sit inside a car. DO NOT rent a car, they will get suspicious after they check where you've been and see that you spent x time sitting in one place. go into the trunk from the inside if you can, you don't want for anyone to see you.
search for unprotected wifi networks, don't stay too long in one place. after you found one with decent signal you can fire up the tor bundle and do your thing.

afterwards you come home and disassemble the thinkpad. remove all parts (most importantly the ram) and throw it into fire for a bit. then take that out and leave it in garbage bin far away (at least 50 miles) from your house. again at night and remember to wear a disguise.
you could also write a script that is supposed to do the thing you want it to do beforehand and leave the thinkpad in a bin while you're somewhere else to have an alibi.

save any relevant information on physical paper, in bits (but in reverse order, or using an encryption method only you know). recreate the information at home on another thinkpad with the same setting, burn the papers.

next you want to change your appearance in case you were seen. shave your head, burn all the clothes you were using for the last week etc. you want to stay under the radar, don't let your neighbours see you. remember to go to the church each sunday, don't let anyone suspect you were doing something.


Do people really fall for these fake over the top opsec tips, Mr. FBI person?

patrolling the dark web is like patrolling the streets for CIA niggers, you gotta watch out for the honeypot traps they set before you take them down.


yeah it's better to do it on your home pc. nice try, cia nigger, i can fucking see you


tor over vpn y/n?
>have your isp know you're accessing tor
>they WILL share this data with the intelligence services because they have to
vs
>use a vpn before connecting to tor
>isp knows you're accessing vpn but that itself is not a big deal (you might be only accessing netflix from a shithole country or something)
>the vpn provider won't necessarily share the data if it's located in a 3rd world country like russia (no 14-eyes)
>but they can just sell it (i'd imagine cia niggers are buying all info about tor users from vpn providers)
so it's your isp who WILL work against you or VPN provider which MIGHT work against you, what do you think?

>Get a shit laptop
>Buy it in store not online
>Disable onboard wifi card, get a shitload of usb wifi cards
>Only use usb wifi cards and change them every month.
> Put linux on the laptop
>Connect to kali repo and download the shit
>Get a shitload of VPS
>Make sure VPS is in africa
>Make a VPN, email server, and anything else you want with African VPS
>Use tor
>Use public wifi or neighbors wifi to do shit
>Use noscript and disable javascript. Remove the ability to save cookies.
>clear cache when you turn off tor
>Use bitcoin and cryptocurrency to buy shit online. never use your real address.
> Buy a bunch of laptop hard drives
>once in a while replace the hard drive and destroy the old one with a magnet unless you need to save some shit that isn't from tor.
>NEVER USE YOUR REAL NAME
>Buy burners (Make sure no 3g only 2g)
>Only use them a month after buying them
>After using the burner once throw it away
There you fucking go anons
You can be somewhat safe on the internet now.

Thanks. Have you checked it out? Is it like the original one?

>they WILL share this data with the intelligence services because they have to

Lolno, unless they are forced to by law (and in Western countries there's no law mandating what you say) ISPs don't have an interest in tracking client network use if they can't sell it to data merchants, as they do in the US. When the UK government passed an internet snooping law a few years ago it had to budget for operational compensation for ISPs due to the associated costs of blanket monitoring, and faced with the concerns of small ISPs it was explicitly said they shouldn't bother to set anything up unless law enforcement asked them to. Point became moot anyway when the law was declared incompatible with EU privacy law, although if the UK successfully leaves the EU the Tories & Labour will finally be able to implement their 1984 schemes unhindered.