Bitcoin Forum

I am currently using Firefox but i want to use TOR browser to login Bitcointalk. Is it safe to use TOR browser as i heard it is a dark web browser where hackers can hack our credentials and information ?

Using tor browser has nothing to do with Dark net. Good people use it to protect their privacy. You can use VPN as well.

Hacking your credential has nothing to do with TOR browser as well.
Hacking can happen if you are not aware of the security measures that one needs to know to use internet. There are phishing attempts, pop ups, unwanted malware visiting risky sites ans some many things. Anyone can inject a piece of program and can risk your security if you are not aware about minimum required knowledge when your are browsing online.

Are you saying you wan to use firefox with Tor connection?

Tor Browser is more used for the privacy purpose. If you want to protect your identity online then tor is for you. If you think that login is not secure, then you are wrong.  But you should ensure that SSL/TLS is enabled for the site where you are logging.

You can gain more information about privacy browsers here. https://www.privacytools.io/browsers/

I am asking only about the standalone TOR browser and what you mean by good people use TOR ? so it means bad people use other browsers  ???

If you are currently using firefox except you have or are encountering challenges using it. You don't have to switch to a browser you have heard things that is a threat to you account even if they might not be all correct still you shouldn't take the gamble

I don't know what 'dark web browser' is... but yes you can use Tor browser for Bitcoitnalk if you care about privacy.

If the Firefox you are using now is reliable and you feel safe and comfortable, why have you tried other like TOR browser ?
I think you just want to prove that what you heard about the TOR browser is wrong, if it's true then follow this advice.

As mentioned using a VPN is an alternative although for added privacy
using tor through a VPN gives extra privacy.

Firefox has good privacy features and I currently use this through PROTONVPN

Why do you want to use TOR while you obviously know nothing about it?

Tor works by anonymizing your connection through the use of nodes which bounces your traffic within the nodes before having the traffic exit through a node called exit node. Your traffic is encrypted while it is transferred within the tor network and when it exits through the exit node, the only encryption of your traffic is by the SSL that Bitcointalk uses.

This means that the final exit node can see the traffic in plaintext if your traffic isn't encryption. Since Bitcointalk implements HSTS and that Tor has HTTPS Always built in, it isn't that big of a problem. Your privacy is definitely guaranteed by the proper use of Tor and that should be your only aim if you're using Tor.

First place to start with Tor browser is reading its guide, in particular the General FAQ (https://2019.www.torproject.org/docs/faq.html.en)
Second place to learn more: Overview on browsers. Which one should we use? Support free web while browsing. (https://bitcointalk.org/index.php?topic=5156114.0)

If you really want to use TOR, then maybe you can initially opt to install Brave Browser and chose Private Window with Tor. But if you want full pledge security, then you can try the Tor Browser instead but it will have differences with browser capability as compared with Brave Browser which has more features bundled within.

For more information, kindly visit this link: https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor- (https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-)

Using TOR browser to browse bitcointalk won't affect you at any stage, you might have issues if you try to sign up with TOR browser due to evil points.

TOR is not darkweb, it's just a browser which keeps changing its IP location but if you want to enter into darkweb you need to have onion URLs for the site you wanted to visit.

Lots of misinformation in this thread.

Using Tor will allow you to access .onion sites which are on the dark web, but it also allows you to browser any other "normal" website too. Usual security practices apply, and simply using Tor browser doesn't put you at any higher risk of being hacked than using any other browser, unless you go around downloading random software from unknown sites. Tor is much safer than any other browser "out of the box", since it has HTTPS Everywhere and NoScript installed as default, but obviously these can be installed on any other good browser too.

Lots of good and bad people use every browser.

VPNs only obscure your IP address from the site you are connecting to. They are generally poor for privacy since your VPN provider can see both your real IP and your traffic, so you are trusting them to not do anything malicious with that data. Many people also pay for VPNs using fiat which is entirely traceable to your real name and address. Using a VPN and Tor together can often make your privacy worse, not better.

Brave browser, with or without Tor, is a very poor choice if you are worried about privacy.

If you are going to be using Tor, then it might be worthwhile bookmarking your captcha bypass login link that you can access here (https://bitcointalk.org/captcha_code.php), as otherwise you'll be filling in captchas for 10 minutes every time you want to log in.

I agree, that is why I have also pointed out the possibility of using the Tor Browser itself if OP wants to have more privacy as stated in my previous post.

This is a little misinformation too. Sometimes I can log in with Tor browser within several seconds, with my first attempt. In contrast, sometimes I have to spend around several minutes (maybe longer than 10 minutes, up to 30 minutes - in such cases I get mad with failed attempts) after so many failed attempts - that what you mentioned correctly.

For capcha code, I have my videos for newbies here: CapchaBypass for accounts on Bitcointalk.org (https://youtu.be/k0kBvOXizhg)
Some of my notes:

tranthidung's Youtube videos for bitcointalkers. Welcome newbies! (https://bitcointalk.org/index.php?topic=5202970.0). I have plans to make more videos after managing skills to make better videos.

Lots of informative and confusing information in this thread but for now clear my two questions please.

1- Does this means that using only TOR is the best way to protect the privacy ?

2-Does this also means that those companies asking for dollars to provide premium vpn services can be replaced by just using the free TOR browser ?

Depends. The Tor network uses relays which changes every so often so that you aren't going to the same end node. However, using a VPN would mean you would always be sending your data to the same end point which would be your VPN provider which likely has your payment details unless you have paid with Bitcoin. Paying with Bitcoin or any other cryptocurrency which isn't associated with your personal information would be a good approach to privacy. However, many users don't do this, because Bitcoin isn't that well suited for small fee transactions.

With Tor, and VPN's it normally comes down to how you use them when concerning privacy. They can be used together, and its certainly a better solution to just using a normal IP address, but you have to be careful how you use it.

Well if you only visit websites as what you regularly visit on normal browsers and you just use TOR for privacy you won't have to worry about anything about others infiltrating your device. TOR is just a browser that is capable of accessing websites in the dark web and it's not capable of giving you malware directly. Still you need to learn the best way to protect your information and money is by not visiting unsafe websites, clicking suspicious links, and downloading suspicious files, it doesn't matter what browser you choose since this is what you need to do to prevent breaches from happening.

Depends who you are looking to protect your privacy against. VPNs encrypt all traffic between your computer and the VPN server. If you are looking to protect yourself while on a public WiFi for example, or hide your internet activities from your ISP, or any traffic outside a browser (torrenting, communication apps, phone calls, etc.), then they are a good choice. They also hide your true IP from the website or service you are connecting to. However, you have to place full trust in your VPN provider to not be spying on your traffic or keeping logs, and as I mentioned above, most people pay for their VPNs using fiat or non-anonymized crypto, meaning the VPN provider knows your real identity and can therefore link you to all your traffic. I pretty much always use a VPN for a variety of reasons, but they do not guarantee anonymity by any means.

If you want true privacy, then yes, you should be using Tor. If you connect to your VPN first and then to Tor, there is little difference in privacy over using Tor alone. If Tor is blocked in your country, or you wish to hide the fact you are using Tor from your ISP, then sure you can achieve this using a VPN, but you can also achieve this using Tor bridges +/- pluggable transports. If you connect to Tor first, and then to your VPN, then you have negated the entire point of using Tor in the first place since all your traffic will exit from the same node (your VPN provider), who will be able to see all your traffic.

You -> VPN -> Dest is often better than nothing, but definitely can't be relied upon if you need actual anonymity. The VPN can see everything you do, the destinations can see that you always come from the same VPN, and you're probably leaving tons of other traces because you're not using Tor Browser. Note that this might in some cases be worse than nothing if you trust your VPN less than your ISP; for example, IMO Cloudflare's VPN is more likely to have its traffic analyzed en masse by the NSA than your native ISP's traffic.

You -> Tor -> Dest is better than just a VPN, but there are many known attacks which can be used against Tor, plus possible 0-days against the browser, so you can never feel 100% anonymous. Also, even if you treat Tor as perfect, it's really difficult to remain consistently anonymous; for example, you might via Tor use the same email address to order something shipped to you as you use to speak out against your oppressive government, and that's a link that can be exploited. Even though Tor is pretty flawed, being far behind state-of-the-art research, it's these non-Tor anonymity failures which almost always get people. This was the case for Ross Ulbricht, for example. As I always say: if you think that you're perfectly anonymous, then you're wrong. Think of even the best anonymity tech as a light bulletproof vest which will increase your survivability a bit, not as an impenetrable wall.

You -> VPN -> Tor -> Dest protects against certain attacks where Tor nodes are considered evil, but can totally screw you if your VPN is evil. It might make sense if you trust your VPN more than a random Tor node. The VPN acts similar to a Tor guard node in this case. In fact, it'd be most efficient if the VPN actually allowed you to use it as a fixed Tor guard node so that you don't have a useless extra node in the Tor circuit, but nobody does this.

You -> Tor -> VPN -> Dest is much worse than Tor alone because the VPN can link all of your traffic together, whereas with Tor you change your exit node constantly. (It's also difficult to actually accomplish because VPN software isn't usually set up to support this, and VPNs are often- & best-done over UDP, which Tor doesn't support.) What would be useful would be if you could pay via blinded bearer certificates for access to a whole constellation of exclusive paying-only Tor exit nodes, but nobody does this, either... Anonymity research is pretty immature, but actually-implemented anonymity tech is far behind even what is known to be possible.

Much like bitcoin security practices, when it comes to any privacy set up (Tor, VPN, both, or something else entirely), it is usually user error which results in failure. Tor is obviously meaningless if you use the same email for both activities frowned upon by your government as well as your real information, as in your example. Another example which I've seen a couple of times is people forgetting to use Tor all the time. You only have to log in to an account, website, service, etc. once without Tor for them to be able to link all the activity on that account to your real IP.

If you are worried about a three letter agency having the resources to be able to set up and maintain enough Tor entry guards that you are likely to use one (and enough Tor exit nodes to be able to deanonymize your traffic), then said agency is not going to be stopped by a $5 a month VPN provider.

That's not an assumption I'd necessarily make. With Tor, you're getting a "random" Tor node, weighted to favor high-bandwidth nodes and by other factors.  If you choose a VPN in a trustworthy country, with a trustworthy record, then that's potentially safer. Attacks to covertly fill Tor with attacker nodes have been done in the past (https://arxiv.org/abs/1602.07787) (see section 5.1 for the most interesting info). Attackers don't need to get anywhere near filling Tor 50% with their nodes, since you pick random nodes all the time: just 2 attacker nodes can be enough, though with low probability.

Also, Tor is fundamentally a centralized network: you can't be a Tor node on the mainnet Tor network without the approval of the Tor directory authorities. The authorities are run by people associated with, and using rules largely set by, the Tor Project. I don't know if I really believe this, but considering how weak Tor is compared to the state-of-the-art research and how poorly-thought-out the Tor Project's overall strategy has tended to be, I've thought that Tor could be an incredibly subtle "controlled opposition" operation. It wouldn't be necessary to control every single person in the Project, just influence things enough to make progress in less important rather than more important directions, slightly bias directory authorities in sane-looking ways which actually help attackers, etc. (I admit that this is quite the conspiracy theory.)

What is your goal to use TOR Browser?
Bitcointalk can be accessed very easily without having to use the TOR Browser.
The TOR browser has negative and positive sides depending on how you use it.

Positive Side of TOR Browser: Tor Browser is able to access services that are blocked by several internet providers without the need for additional plugins or third-party applications. TOR also provides anonymity for people who browse the web without being tracked by the internet service providers they use and other parties.

Negative Side of TOR Browser: TOR Browser does have a dark side, but the dark side of the browser TOR does not originate from the TOR Browser itself, but it comes from other places that are explored using the TOR Browser. The Dark Web or the Deep Web is a dark spot on the part of the internet that is used to carry out illegal activities such as drug transactions, human trafficking, prostitution and other illegal activities that are against the law.

Well, Is TOR Safe to be used by ordinary people?
The easiest and simplest answer is Can be safe or not

The TOR Browser software itself is safe to use and has a basic anonymity function that is able to hide your online identity. But if the TOR Browser is used to open the Dark Web or Deep Web then this will threaten your security, because there are many dangers of Malware, viruses and phishing lurking.

Conclusion:
TOR Broweser is the most extreme method used to hide online identity. TOR Browser is only used by people who really need it, not for ordinary people who use an ordinary brochure. Tor may not be an option for laypeople to use, because it is associated with a risk that threatens the Dark Web or the Deep Web.

I thought you could be a TOR node in a decentralized way, I was wrong.
Is there any alternative to navigate anonymously as good as TOR?
No VPN, No Proxy.

Not really, Tor's the best there is currently. Someone could definitely make something much better, though.

Qubes OS + Whonix is a pretty good alternative compared to just using the Tor browser on Windows.


Ross Ulbricht made some pretty bad mistakes, if anything it's more of a surprise why he wasn't caught sooner. But some have been caught by things as seemingly innocuous (to an average person) as their writing style that could be connected to their real identity.

You don't even need to install and run TOR to access .onion "scary deep web" links, you can view them with about any browser if you want to by changing the .onion to something I forget..

"Whenever you see a URL like http://duskgytldkxiuqc6.onion/, that's a Tor Onion service. Just replace .onion with .onion.to or .onion.city or .onion.cab or .onion.direct or any other domain made available by volounteers Tor2web operators Example:" https://www.tor2web.org/

So TOR is not some dangerous to run scary deepweb monster.. You can also use TOR to (more) anonymously browse the regular internet and maybe read some things that you wouldn't want anyone to know you were studying..
Like reading wikipedia articles on Democracy from China..


I see no reason not to try TOR out as you would use any browser, just don't do anything illegal and your fine to try it..

What it would do for you using TOR to login and browse BitcoinTalk is not let BTCT know your real IP, but only if you NEVER use your real IP on that account you logged into, or they gotcha..

Terrible for privacy and you have to trust the gateway owner not to manipulate any content he's serving you.


Or to avoid informing your ISP to which domains you're connecting to.

There is also I2P alternative for TOR, but it needs more development.
https://geti2p.net/en/comparison/tor

If someone wants to be totally anonymous only way is to stop using smartphones and social networks with google and youtube.
Question is, how many people are willing to do that?

Interesting websites with alternatives you can use to reduce tracking:
https://prism-break.org/
https://www.privacytools.io/

No.


1) https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-1-myth-busting-tor

2) https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required

I wouldn't say "all the time". Sure, you pick new middle and exit nodes randomly every 10 minutes, but the average lifespan of an entry guard is 120 days, so unless an entry guard loses its guard status or is attacked and taken offline, you will only choose 3 new entry guards a year. An attacker would also have to bring down every guard on your guard list before you would connect to a brand new guard.

This is nonsense, and is essentially the "Why worry about privacy if you have nothing to hide" argument. If Tor was only used for illegal activities as you suggest, then no one would use it as doing so would make it blatantly obvious that you were doing something illegal. Plenty of people use Tor all the time for a variety of reasons. Furthermore, the deep web is accessible from any browser, it just isn't indexed. It is not synonymous with the dark web. Saying Tor is a risk because you could download malware from the dark web is the same as saying owning a phone is a risk because a scammer might call you.

I've been using Qubes as my main OS for years now.

I take advantage of the structuring of the VM's to make it less likely that I make human error de-anonymization mistakes when using Tor. I use a disposable whonix VM with the Tor Browser for alot of my web access, especially just general browsing around, and have the Noscript plugin defaulting to javascript being completely off.

All the VM's have colored window borders, so it's quick and easy for me to see when I'm using a VM that's connected by clearnet, or through the whonix Tor gateway.

and the standard whonix gateway is configured to use different routes for different VMs, and also to use Torsocks with various commands (e.g. wget) that aren't designed to use Socks proxies.



I2P would be nice if:

• the main client wasn't Java based. The JVM itself has been a security disaster for years now
• the alternative C++ client was being developed by people who don't write in the Cyrillic alphabet. Trying to figure out their github repo is nightmarish, who knows what's going on?

I like the idea of I2P in principle, not so sure about the reality just yet



There should be ways to bridge out of I2P and back in again. Bitcoin is set to add a new IP announce format with a field designed to be big enough for v3 Tor hidden services and I2P hidden service IP formats (as well as CJDNS)

I bet you could, I also bet I couldn't understand it if you were the architect

Hackers can hack our credentials from chrome, firefox , IE as well. The onion router TOR is mainly used to remain anonymous while you go on internet.

This is basically what I was trying to say..


What do you guys think about using TOR from Windows 10?, compared to Win 7, Ubuntu, or even Tails?
Is it bad to run TOR on Win 10? Dangers?

I'm barely tech savvy enough to make Tails work, I'm ashamed to admit.. It's always something that doesn't work right...
I had an old version of tails and remember it being "better" from my perspective as in it just worked and worked right every time without a bunch of messing around compared to the new one, which doesn't like being installed on something not "removable", bunch of glitches like pixilated screens when loading, and internet adapter problems, can't even get the Ethernet to work on my Alienware with Tails much less wifi for some reason but works if I boot it on some other computers.. It doesn't even work the same way consistently it seems..

Ugh.. It's not my thing I guess, IDK.. I think I kinda understand the ideas behind it but suck at actually doing it and dealing with all the bugs in almost any linux I have ran..

Qubes OS + Whonix is like out of my league..
I tried putting Qubes on a portable HDD recently actually and couldn't even get it to boot and gave up immediately, lol..

well, seeing as Microsoft have taken to telling everyone "We spy *ahem* collect data from everything you do on Windows!!", I don't think you have much of a guarantee that Tor Browser is secure on Windows. I mean, it works, but that's irrelevant if Microsoft are listening to everything that's happening at the OS's end.



sounds like that one laptop doesn't have drivers for its network devices in standard Tails. This can be worse for new hardware, as Linux devs just haven't gotten round to adding support for brand new devices yet. Which means using older hardware is more likely to work without having to go to extra lengths



You need specific features on your CPU for latest Qubes (VT-d and SLAT, or the AMD equivalent of those).

Best thing is to base your choice of computer around Linux for a Linux machine (same especially goes for non-standard peripherals, such as printers, research models that are known to work with Linux before buying).

Pretty much this.

I've talked about this a couple of times before, and I'll quote one of my previous replies below with links to some interesting articles. Basically even with Windows 10 heavily customized to minimize telemetry and monitoring, it still monitors way more than is reasonable.

I sometimes use Tails from a removable drive, but I wouldn't recommend using it as your standard all-the-time OS. Better to choose something like Ubuntu or Linux Mint. You can always set up a dual boot as well so you can return to Windows as needed if you can't get something working properly on Linux.

I won't be in the slightest bit surprised if Microsoft announce in, say, 3-4 years:

"terribly sorry kids, it seems we were accidentally recording every keystroke and capturing from your webcam 24/7 anyway, some pesky bug!". I expect some people might actually buy that line a couple times before they finally figure out what Microsoft are really saying

I mean, even although it's common knowledge that Google stick their noses in to every single aspect of your lives if you give them even half a chance, they still manage to have a few "accidents" along the way:

Oops, we've accidentally be recording and listening to your conversations! (https://www.theguardian.com/technology/2019/jul/11/google-home-assistant-listen-recordings-users-privacy)
Silly us, we've accidentally been examining the traffic (https://www.theguardian.com/technology/2010/may/15/google-admits-storing-private-data) from your WiFi networks.
We even forget to tell you we hide microphones we don't tell you about (https://www.rt.com/usa/452018-google-nest-spy-microphone/) inside our hardware! We are such airheads!

And yet Chrome remains the most popular web browser by far, Google remains the most popular search engine by far, Android remains the most popular mobile OS by far, and people continue to be more than happy to pay for the privilege of bugging their own homes with devices which are spying on them.

I'm fairly sure that if Microsoft did come out with something like that, it would be forgotten within a week and wouldn't hurt their bottom line whatsoever.

Maybe,
but I think much greater danger are Smartphones.
Google is collecting much more information than Microsoft could ever imagine.
That includes your location, voice and text conversations, and who knows what more...

The term "conspiracy theory" is itself a psyop invention, a magic expression designed to have the power of aborting any discussion just by introducing the dogmatic judgement that someone is a paranoic crackpot, thus unabler to think clearly. Apart from this, I agree on everything. In fact, if THEY CAN infiltrate and control the Tor project, why wouldn't they actually do it? If they can, be sure that they will do it - or more likely, that they've already done it.

The TOR network is similar to a VPN. Messages to and from your computer pass through the Tor network rather than connecting directly to resources on the Internet. But where VPNs provide privacy,
And you can also visit .onion( Deep net ) website through Tor browser
It means Tor provides anonymity,

hope you understand what is TOR  ;D

No. Tor and VPNs are not that similar, and VPNs are poor choice for general privacy reasons. .onion sites are on the dark web, not the deep web - the terms are not synonymous. Using Tor alone does not provide anonymity by any means, for example if your OS is spying on you or your computer is infected with malware.

I would suggest reading the other posts in this thread before replying.