how anonymous/Safe is TOR


2 years ago
say. Curiosity get's the better of me. Cause it has before, (i'v done some pretty dumb things for curiosity during my youth, though never anything illegal, except maybe smoking weed, or being in place i wasn't suppose to) . And say shit hits the fan, and I go on the the contraband site, and child porn part of TOR. with Tor default browser settings. Would I get FBI, or cops raiding my house within the week. And for arguments sake I live in canada. would that ever happens

2 years ago
Sometimes there are stories like this:
http://thehackernews.com/2013/08/Firefo ... sting.html
http://arstechnica.com/security/2013/08 ... tor-users/

So as for me, isolated environment is also a must.

In Whonix you can use any OS as a "second guest system" and route all it's traffic transparently to TOR. Even if your guest OS is compromised, there is no way to determine real IP since it is never used inside. The only way is to break VirtualBox and pop-out from there, but this is far more paranoid scenario.

...but not totally impossible. :twisted:

2 years ago
Okay so If I use TOR in conjunction with Whonix, and let's say buy some drugs, visit CP, Contraband, buying credit card info, buying guns...... etc.. using worse case scenario's as an example not/probably won't do them, though tbh, might get me some weed ;) Would my ISP know and contact the authorities. As far as I know canada does not have any sting operations

2 years ago
Despite the fact you are using Tor (which is not illegal) your ISP knows nothing about your traffic. No IP or web addresses, no data, nothing. It doesn't even know whether this is your traffic or just a some transit.

There are several techniques to hide Tor inside other traffic (Skype morph, Tor over VPN). Also you can use Tor bridge to avoid direct connection to IP listed in public Tor database (this is how your ISP knows you are using Tor). But all this is useful in countries like North Korea, not in Canada :lol:

So, technically speaking Tor itself is secure enough. But if we are talking about global surveillance, you should keep in mind that "the end point" - the server you are connecting to - could also be compromised or even hosted by Feds. So any data you submit there (like your home address when ordering drugs delivery :lol: ) could potentially fall into wrong hands. Of course, you HAVE TO trust your dealer and provide him with correct address, otherwise you won't get your stuff. But at least don't post it in plain text. Ask him for PGP keys and encrypt everything you send, even if you think that the marketplace is 100% honest and secure. Don't rely on someone's promises to erase logs. ;)

2 years ago
It is probably already clear from the replies above, but Tor does NOT defend you from revealing your own identity. It doesn't provide end-to-end encryption on regular servers, the last tor relay (the exit node) sees your traffic comming in and out, except it can't link it to your IP address.

There is a nice guide here on the forums that may help you (viewtopic.php?f=4&t=21285), but I believe anonymity requires you to be careful. I think the Tor browser bundle is probably a very good bet for internet browsing, but in any case, I think it may be a little to easy for you to accidentally reveal your identity if you don't know how Tor works, how HTTP works or what you are doing. This is coming from a programmer's perspective though. You could always believe in Tor and have faith. ;)

I personally wonder though how much good transparently routing all your traffic through Tor would do. If you have applications installed that could communicate with a server (if you're aware of it or not), that don't encrypt their communication and include some information about your system, ip or personal information, that 'might' link you with it.

Keep in mind that the internet is not a trust-less network. Servers get hacked, emails get sold, and then there is the NSA. Also, if you are going to buy weed online, at least one person needs to know your address, and even if you encrypt that, you have to put trust the fact that he won't be sloppy and accidentally leaks the information. Not that I have any experience though, weed is more or less legal here...

Ok, hope this all didn't sound overly paranoid, but hope it helps.

2 years ago
thank, you all for all your help, and responses. so basically unless i do something to reveal my own identity, I am not compromised to my ISP, except some data when going through exit nodes, which from reading this can not be stopped if I have understood correctly.

2 years ago
some data when going through exit nodes, which from reading this can not be stopped
"tealsack"

It can by https.

2 years ago
thank, you all for all your help, and responses. so basically unless i do something to reveal my own identity, I am not compromised to my ISP, except some data when going through exit nodes, which from reading this can not be stopped if I have understood correctly.
"tealsack"
I think you understood correct mostly. However, if you want your data to be hidden even from the exit node, you can. If your connection you are trying to have with the end-server is encrypted, the exit node will also see your information as encrypted data.
Like said before me, when you access a website with https:// in your url, this means you'll be communicating with the server in encrypted form, and the exit node will only see the encrypted data.

It is probably safe, but like any form of encryption, it needs a key of some sort. You need to have trust in the fact that you have the correct key. In the case of HTTPS, you fetch this key from a certificate authority (CA) that your system or web browser (or you) trust.
Why am I telling you this? It is just to clarify that trust is key here. Someone could still comprise a CA which allows him to perform a man-in-the-middle attack to read your data passing through.

In the case of buying something from someone, you could use encryption to talk in private, but it would be wise to think about how you are going to exchange keys.

Tor only protects you from the fact that you identify yourself on the internet with an IP address, while you don't want to identify yourself.

2 years ago
Today I had an experience that convinced me that, unfortunately TOR can not be trusted at all, ana I doubt that there ias even 10% anonymity with Tor.
I was writing in an ordinary forum, using Tor, with www.ip-check.info telling me that e.th. is OK.
After I posted a message, almost in seconds, the moderator of the forum, writes to me ''Why do you use Tor, your real ip is ... so and so, and your from X" - which was exact. What can possibly leak this information?
I don't use flash, javascript is off, and if a simple moderator of a forum in a 3rd world country can find out that info, what remains for the State authorities?
I dont know. I must seek I guess some other solution for anonymity.

Do you trust TOR?

last year
If anyone wants drugs, I can supply.

http://agorahooawayyfoe.onion/vendor/DrDooms


You will be getting great products with very discrete shipping.


~DrDooms~

Reply

You are not logged in. Login or register to reply on this thread.