Use of TOR Browser for Bitcointalk

[theymos]

You -> VPN -> Dest is often better than nothing, but definitely can't be relied upon if you need actual anonymity. The VPN can see everything you do, the destinations can see that you always come from the same VPN, and you're probably leaving tons of other traces because you're not using Tor Browser. Note that this might in some cases be worse than nothing if you trust your VPN less than your ISP; for example, IMO Cloudflare's VPN is more likely to have its traffic analyzed en masse by the NSA than your native ISP's traffic.

You -> Tor -> Dest is better than just a VPN, but there are many known attacks which can be used against Tor, plus possible 0-days against the browser, so you can never feel 100% anonymous. Also, even if you treat Tor as perfect, it's really difficult to remain consistently anonymous; for example, you might via Tor use the same email address to order something shipped to you as you use to speak out against your oppressive government, and that's a link that can be exploited. Even though Tor is pretty flawed, being far behind state-of-the-art research, it's these non-Tor anonymity failures which almost always get people. This was the case for Ross Ulbricht, for example. As I always say: if you think that you're perfectly anonymous, then you're wrong. Think of even the best anonymity tech as a light bulletproof vest which will increase your survivability a bit, not as an impenetrable wall.

You -> VPN -> Tor -> Dest protects against certain attacks where Tor nodes are considered evil, but can totally screw you if your VPN is evil. It might make sense if you trust your VPN more than a random Tor node. The VPN acts similar to a Tor guard node in this case. In fact, it'd be most efficient if the VPN actually allowed you to use it as a fixed Tor guard node so that you don't have a useless extra node in the Tor circuit, but nobody does this.

You -> Tor -> VPN -> Dest is much worse than Tor alone because the VPN can link all of your traffic together, whereas with Tor you change your exit node constantly. (It's also difficult to actually accomplish because VPN software isn't usually set up to support this, and VPNs are often- & best-done over UDP, which Tor doesn't support.) What would be useful would be if you could pay via blinded bearer certificates for access to a whole constellation of exclusive paying-only Tor exit nodes, but nobody does this, either... Anonymity research is pretty immature, but actually-implemented anonymity tech is far behind even what is known to be possible.

[1715196264]

1715196264

[1715196264]

1715196264

[o_e_l_e_o]

it's these non-Tor anonymity failures which almost always get people

Much like bitcoin security practices, when it comes to any privacy set up (Tor, VPN, both, or something else entirely), it is usually user error which results in failure. Tor is obviously meaningless if you use the same email for both activities frowned upon by your government as well as your real information, as in your example. Another example which I've seen a couple of times is people forgetting to use Tor all the time. You only have to log in to an account, website, service, etc. once without Tor for them to be able to link all the activity on that account to your real IP.

It might make sense if you trust your VPN more than a random Tor node.

If you are worried about a three letter agency having the resources to be able to set up and maintain enough Tor entry guards that you are likely to use one (and enough Tor exit nodes to be able to deanonymize your traffic), then said agency is not going to be stopped by a $5 a month VPN provider.

[theymos]

If you are worried about a three letter agency having the resources to be able to set up and maintain enough Tor entry guards that you are likely to use one (and enough Tor exit nodes to be able to deanonymize your traffic), then said agency is not going to be stopped by a $5 a month VPN provider.

That's not an assumption I'd necessarily make. With Tor, you're getting a "random" Tor node, weighted to favor high-bandwidth nodes and by other factors.  If you choose a VPN in a trustworthy country, with a trustworthy record, then that's potentially safer. Attacks to covertly fill Tor with attacker nodes have been done in the past (see section 5.1 for the most interesting info). Attackers don't need to get anywhere near filling Tor 50% with their nodes, since you pick random nodes all the time: just 2 attacker nodes can be enough, though with low probability.

Also, Tor is fundamentally a centralized network: you can't be a Tor node on the mainnet Tor network without the approval of the Tor directory authorities. The authorities are run by people associated with, and using rules largely set by, the Tor Project. I don't know if I really believe this, but considering how weak Tor is compared to the state-of-the-art research and how poorly-thought-out the Tor Project's overall strategy has tended to be, I've thought that Tor could be an incredibly subtle "controlled opposition" operation. It wouldn't be necessary to control every single person in the Project, just influence things enough to make progress in less important rather than more important directions, slightly bias directory authorities in sane-looking ways which actually help attackers, etc. (I admit that this is quite the conspiracy theory.)

[taufik123]

What is your goal to use TOR Browser?
Bitcointalk can be accessed very easily without having to use the TOR Browser.
The TOR browser has negative and positive sides depending on how you use it.

Positive Side of TOR Browser: Tor Browser is able to access services that are blocked by several internet providers without the need for additional plugins or third-party applications. TOR also provides anonymity for people who browse the web without being tracked by the internet service providers they use and other parties.

Negative Side of TOR Browser: TOR Browser does have a dark side, but the dark side of the browser TOR does not originate from the TOR Browser itself, but it comes from other places that are explored using the TOR Browser. The Dark Web or the Deep Web is a dark spot on the part of the internet that is used to carry out illegal activities such as drug transactions, human trafficking, prostitution and other illegal activities that are against the law.

-snip- Is it safe to use TOR browser as i heard it is a dark web browser where hackers can hack our credentials and information ?-snip-

Well, Is TOR Safe to be used by ordinary people?
The easiest and simplest answer is Can be safe or not

The TOR Browser software itself is safe to use and has a basic anonymity function that is able to hide your online identity. But if the TOR Browser is used to open the Dark Web or Deep Web then this will threaten your security, because there are many dangers of Malware, viruses and phishing lurking.

Conclusion:
TOR Broweser is the most extreme method used to hide online identity. TOR Browser is only used by people who really need it, not for ordinary people who use an ordinary brochure. Tor may not be an option for laypeople to use, because it is associated with a risk that threatens the Dark Web or the Deep Web.

[th3nolo]

snip

I thought you could be a TOR node in a decentralized way, I was wrong.
Is there any alternative to navigate anonymously as good as TOR?
No VPN, No Proxy.

[theymos]

Is there any alternative to navigate anonymously as good as TOR?

Not really, Tor's the best there is currently. Someone could definitely make something much better, though.

[malevolent]

but there are many known attacks which can be used against Tor, plus possible 0-days against the browser, so you can never feel 100% anonymous.

Qubes OS + Whonix is a pretty good alternative compared to just using the Tor browser on Windows.

Also, even if you treat Tor as perfect, it's really difficult to remain consistently anonymous; for example, you might via Tor use the same email address to order something shipped to you as you use to speak out against your oppressive government, and that's a link that can be exploited. Even though Tor is pretty flawed, being far behind state-of-the-art research, it's these non-Tor anonymity failures which almost always get people. This was the case for Ross Ulbricht, for example. As I always say: if you think that you're perfectly anonymous, then you're wrong. Think of even the best anonymity tech as a light bulletproof vest which will increase your survivability a bit, not as an impenetrable wall.

Ross Ulbricht made some pretty bad mistakes, if anything it's more of a surprise why he wasn't caught sooner. But some have been caught by things as seemingly innocuous (to an average person) as their writing style that could be connected to their real identity.

[eddie13]

You don't even need to install and run TOR to access .onion "scary deep web" links, you can view them with about any browser if you want to by changing the .onion to something I forget..

"Whenever you see a URL like http://duskgytldkxiuqc6.onion/, that's a Tor Onion service. Just replace .onion with .onion.to or .onion.city or .onion.cab or .onion.direct or any other domain made available by volounteers Tor2web operators Example:" https://www.tor2web.org/

So TOR is not some dangerous to run scary deepweb monster.. You can also use TOR to (more) anonymously browse the regular internet and maybe read some things that you wouldn't want anyone to know you were studying..
Like reading wikipedia articles on Democracy from China..


I see no reason not to try TOR out as you would use any browser, just don't do anything illegal and your fine to try it..

What it would do for you using TOR to login and browse BitcoinTalk is not let BTCT know your real IP, but only if you NEVER use your real IP on that account you logged into, or they gotcha..

[malevolent]

You don't even need to install and run TOR to access .onion "scary deep web" links, you can view them with about any browser if you want to by changing the .onion to something I forget..

"Whenever you see a URL like http://duskgytldkxiuqc6.onion/, that's a Tor Onion service. Just replace .onion with .onion.to or .onion.city or .onion.cab or .onion.direct or any other domain made available by volounteers Tor2web operators Example:" https://www.tor2web.org/

Terrible for privacy and you have to trust the gateway owner not to manipulate any content he's serving you.

What it would do for you using TOR to login and browse BitcoinTalk is not let BTCT know your real IP, but only if you NEVER use your real IP on that account you logged into, or they gotcha..

Or to avoid informing your ISP to which domains you're connecting to.

[dkbit98]

There is also I2P alternative for TOR, but it needs more development.
https://geti2p.net/en/comparison/tor

If someone wants to be totally anonymous only way is to stop using smartphones and social networks with google and youtube.
Question is, how many people are willing to do that?

Interesting websites with alternatives you can use to reduce tracking:
https://prism-break.org/
https://www.privacytools.io/

[TheFuzzStone]

using tor through a VPN gives extra privacy.

No.


1) https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-1-myth-busting-tor

2) https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required

[o_e_l_e_o]

since you pick random nodes all the time

I wouldn't say "all the time". Sure, you pick new middle and exit nodes randomly every 10 minutes, but the average lifespan of an entry guard is 120 days, so unless an entry guard loses its guard status or is attacked and taken offline, you will only choose 3 new entry guards a year. An attacker would also have to bring down every guard on your guard list before you would connect to a brand new guard.

TOR Browser is only used by people who really need it, not for ordinary people who use an ordinary brochure. Tor may not be an option for laypeople to use, because it is associated with a risk that threatens the Dark Web or the Deep Web.

This is nonsense, and is essentially the "Why worry about privacy if you have nothing to hide" argument. If Tor was only used for illegal activities as you suggest, then no one would use it as doing so would make it blatantly obvious that you were doing something illegal. Plenty of people use Tor all the time for a variety of reasons. Furthermore, the deep web is accessible from any browser, it just isn't indexed. It is not synonymous with the dark web. Saying Tor is a risk because you could download malware from the dark web is the same as saying owning a phone is a risk because a scammer might call you.

[Carlton Banks]

Qubes OS + Whonix is a pretty good alternative compared to just using the Tor browser on Windows.

I've been using Qubes as my main OS for years now.

I take advantage of the structuring of the VM's to make it less likely that I make human error de-anonymization mistakes when using Tor. I use a disposable whonix VM with the Tor Browser for alot of my web access, especially just general browsing around, and have the Noscript plugin defaulting to javascript being completely off.

All the VM's have colored window borders, so it's quick and easy for me to see when I'm using a VM that's connected by clearnet, or through the whonix Tor gateway.

and the standard whonix gateway is configured to use different routes for different VMs, and also to use Torsocks with various commands (e.g. wget) that aren't designed to use Socks proxies.

There is also I2P alternative for TOR, but it needs more development.

I2P would be nice if:

• the main client wasn't Java based. The JVM itself has been a security disaster for years now
• the alternative C++ client was being developed by people who don't write in the Cyrillic alphabet. Trying to figure out their github repo is nightmarish, who knows what's going on?

I like the idea of I2P in principle, not so sure about the reality just yet

Unlike Tor, you can't access regular website/domain with I2P.

There should be ways to bridge out of I2P and back in again. Bitcoin is set to add a new IP announce format with a field designed to be big enough for v3 Tor hidden services and I2P hidden service IP formats (as well as CJDNS)

[TMAN]

Someone could definitely make something much better, though.

I bet you could, I also bet I couldn't understand it if you were the architect

[fuguebtc]

I am currently using Firefox but i want to use TOR browser to login Bitcointalk. Is it safe to use TOR browser as i heard it is a dark web browser where hackers can hack our credentials and information ?

Hackers can hack our credentials from chrome, firefox , IE as well. The onion router TOR is mainly used to remain anonymous while you go on internet.

[eddie13]

If Tor was only used for illegal activities as you suggest, then no one would use it as doing so would make it blatantly obvious that you were doing something illegal. Plenty of people use Tor all the time for a variety of reasons. Furthermore, the deep web is accessible from any browser, it just isn't indexed. It is not synonymous with the dark web. Saying Tor is a risk because you could download malware from the dark web is the same as saying owning a phone is a risk because a scammer might call you.

This is basically what I was trying to say..


What do you guys think about using TOR from Windows 10?, compared to Win 7, Ubuntu, or even Tails?
Is it bad to run TOR on Win 10? Dangers?

I'm barely tech savvy enough to make Tails work, I'm ashamed to admit.. It's always something that doesn't work right...
I had an old version of tails and remember it being "better" from my perspective as in it just worked and worked right every time without a bunch of messing around compared to the new one, which doesn't like being installed on something not "removable", bunch of glitches like pixilated screens when loading, and internet adapter problems, can't even get the Ethernet to work on my Alienware with Tails much less wifi for some reason but works if I boot it on some other computers.. It doesn't even work the same way consistently it seems..

Ugh.. It's not my thing I guess, IDK.. I think I kinda understand the ideas behind it but suck at actually doing it and dealing with all the bugs in almost any linux I have ran..

Qubes OS + Whonix is like out of my league..
I tried putting Qubes on a portable HDD recently actually and couldn't even get it to boot and gave up immediately, lol..

[Carlton Banks]

What do you guys think about using TOR from Windows 10?, compared to Win 7, Ubuntu, or even Tails?
Is it bad to run TOR on Win 10? Dangers?

well, seeing as Microsoft have taken to telling everyone "We spy *ahem* collect data from everything you do on Windows!!", I don't think you have much of a guarantee that Tor Browser is secure on Windows. I mean, it works, but that's irrelevant if Microsoft are listening to everything that's happening at the OS's end.

I'm barely tech savvy enough to make Tails work, I'm ashamed to admit.. It's always something that doesn't work right...
I had an old version of tails and remember it being "better" from my perspective as in it just worked and worked right every time without a bunch of messing around compared to the new one, which doesn't like being installed on something not "removable", bunch of glitches like pixilated screens when loading, and internet adapter problems, can't even get the Ethernet to work on my Alienware with Tails much less wifi for some reason but works if I boot it on some other computers.. It doesn't even work the same way consistently it seems..

sounds like that one laptop doesn't have drivers for its network devices in standard Tails. This can be worse for new hardware, as Linux devs just haven't gotten round to adding support for brand new devices yet. Which means using older hardware is more likely to work without having to go to extra lengths

Qubes OS + Whonix is like out of my league..
I tried putting Qubes on a portable HDD recently actually and couldn't even get it to boot and gave up immediately, lol..

You need specific features on your CPU for latest Qubes (VT-d and SLAT, or the AMD equivalent of those).

Best thing is to base your choice of computer around Linux for a Linux machine (same especially goes for non-standard peripherals, such as printers, research models that are known to work with Linux before buying).

[o_e_l_e_o]

I mean, it works, but that's irrelevant if Microsoft are listening to everything that's happening at the OS's end.

Pretty much this.

I've talked about this a couple of times before, and I'll quote one of my previous replies below with links to some interesting articles. Basically even with Windows 10 heavily customized to minimize telemetry and monitoring, it still monitors way more than is reasonable.

I sometimes use Tails from a removable drive, but I wouldn't recommend using it as your standard all-the-time OS. Better to choose something like Ubuntu or Linux Mint. You can always set up a dual boot as well so you can return to Windows as needed if you can't get something working properly on Linux.

Even if you turn off all tracking and telemetry features, Windows 10 still tries to phone home a staggering 5,500 times in 8 hours. The additional use of third party tools designed to stop this did help a bit, but these researchers still reported 2758 connections in 30 hours.

Other researchers have similarly found that even when you disable Windows 10 features like Cortana, it is still logging your activity and sending it to Microsoft.

[Carlton Banks]

even with Windows 10 heavily customized to minimize telemetry and monitoring

I won't be in the slightest bit surprised if Microsoft announce in, say, 3-4 years:

"terribly sorry kids, it seems we were accidentally recording every keystroke and capturing from your webcam 24/7 anyway, some pesky bug!". I expect some people might actually buy that line a couple times before they finally figure out what Microsoft are really saying

[o_e_l_e_o]

-snip-

I mean, even although it's common knowledge that Google stick their noses in to every single aspect of your lives if you give them even half a chance, they still manage to have a few "accidents" along the way:

Oops, we've accidentally be recording and listening to your conversations!
Silly us, we've accidentally been examining the traffic from your WiFi networks.
We even forget to tell you we hide microphones we don't tell you about inside our hardware! We are such airheads!

And yet Chrome remains the most popular web browser by far, Google remains the most popular search engine by far, Android remains the most popular mobile OS by far, and people continue to be more than happy to pay for the privilege of bugging their own homes with devices which are spying on them.

I'm fairly sure that if Microsoft did come out with something like that, it would be forgotten within a week and wouldn't hurt their bottom line whatsoever.