Using TOR?

RARECJ8

Well-known member
Premium Member
Reading about the dark web, etc and researching TOR. anyone running this? Interesting concept.
 

braindead0

Ignore the machine
I've been involved in coding it in the past. tor like anything security related is very tricky to get right, implementations and packaging can completely screw up the security/anonymity. I wouldn't trust any of the easy to use bundled systems. You also need to maintain high levels of network and browser security. Silk road was brought down by a combination of drive by browser installed malware and social engineering among other tactics (regular ol' police work played a roll as far as I know).

If you can't manage a high level of network security, I wouldn't rely on the anonymity of tor. If you just want to get to places that are somewhat questionable (but not high profile targets of acronym agencies) it's fine.
 

troutman

New member
yep, been surfing out of googles and microsofts clutches for years............AMAZING what's out there, just hesitant about bitcoin though. well a billion fricken criminals can't be all wrong...........

never underestimate the power of the Dark Side.lol



 
Last edited:

Ben

New member
TOR was developed for US-supported insurgencies. Obviously it offers no privacy from the US.
 

braindead0

Ignore the machine
?? TOR was developed by DARPA and the US Naval Research lab to secure communications of all sorts. Saying it was to support insurgencies is like saying cell phones were designed to support drug dealers.

It's currently developed by private individuals, and it does provide plenty of privacy from the US government agencies.. IF deployed properly and used carefully. For example running bittorrent DHT over tor exposes your IP address. The wikipedia page seems to be pretty well up to date on the current state of affairs as well as the attacks against tor: https://en.wikipedia.org/wiki/Tor_(anonymity_network)

If some US agency wants to know what you're doing, there are much easier ways to get that information. Trying to gather intelligence via TOR is difficult and very time consuming, dropping a key logger/backdoor on a system is typically much easier.
 

Ben

New member
?? TOR was developed by DARPA and the US Naval Research lab to secure communications of all sorts. Saying it was to support insurgencies is like saying cell phones were designed to support drug dealers.
No, they were designed for mass surveillance.
 

braindead0

Ignore the machine
Mostly FUD.. believe what you wish, the fact is that network security is something that 90% of users (maybe higher) don't understand well enough to come to any actual legitimate conclusions (including the people behind this video). Unless you're willing to spend years learning about all of the technologies involved (and keeping up with changes) you're left guessing or relying on "experts" who are often simply press release regurgitators.
 

flighht2k5

Active member
Mostly FUD.. believe what you wish, the fact is that network security is something that 90% of users (maybe higher) don't understand well enough to come to any actual legitimate conclusions (including the people behind this video). Unless you're willing to spend years learning about all of the technologies involved (and keeping up with changes) you're left guessing or relying on "experts" who are often simply press release regurgitators.
But the question is, is it worth the risk? Since you're an "expert" do you trust using tor?
 

braindead0

Ignore the machine
But the question is, is it worth the risk? Since you're an "expert" do you trust using tor?
I use TOR quite a bit, mostly for browsing the more sketchy areas of the web (4chan, cc trading sites, hacker sites and the like). However my tor traffic is also routed through privoxy (which strips out a lot of bad stuff) and the other security measures I have on my network provide a high level of certainty that my systems and network are secure... I also have regular PCI-DSS scans done by a third party security firm as part of my job is developing credit card software.

I wouldn't use it to access anything illegal on purpose or conduct any sketchy business, mostly because you may have the best operational security around but you cannot rely on the other end or any intermediaries having that same level of security and quite frankly humans are easy to manipulate into giving out information they shouldn't. Just the way it is.

I would advise the average user that wants to explore, so do so from a virtual machine running tails and avoid obvious illegal sites unless you have a legitimate reason to be there (I keep up with some hacking sites so I can project against the latest hacks).
 

flighht2k5

Active member
I use TOR quite a bit, mostly for browsing the more sketchy areas of the web (4chan, cc trading sites, hacker sites and the like). However my tor traffic is also routed through privoxy (which strips out a lot of bad stuff) and the other security measures I have on my network provide a high level of certainty that my systems and network are secure... I also have regular PCI-DSS scans done by a third party security firm as part of my job is developing credit card software.

I wouldn't use it to access anything illegal on purpose or conduct any sketchy business, mostly because you may have the best operational security around but you cannot rely on the other end or any intermediaries having that same level of security and quite frankly humans are easy to manipulate into giving out information they shouldn't. Just the way it is.

I would advise the average user that wants to explore, so do so from a virtual machine running tails and avoid obvious illegal sites unless you have a legitimate reason to be there (I keep up with some hacking sites so I can project against the latest hacks).
That's way above my knowledge of computers :)
What's 4chan?
 

braindead0

Ignore the machine
https://en.wikipedia.org/wiki/4chan


Also do not under any circumstances (unless you have a lot of money and want to be a test case) run TOR configured as an exit node. Exit nodes are where the users hit the clearnet, I'm sure there are tons of good articles on the subject if you want more information.... in short just don't do it ;-)
 
Top