/os/ - Online Security

News, techniques and methods for computer network security.



Welcome to Online Security the place for internet and computer security, privacy and anonymity.
If you have some helpful tips please feel free to share your ideas. Start a new thread, or contribute to an existing thread.


VPN/proxy/TOR general thread Anonymous 04/15/2016 (Fri) 22:12:39 [Preview] No. 2
Cool board idea.

What's the safest possible way to browse the internet anonymously and safely? There's a thread on /tech/ with the endwall developer talking about proxychains, and that seems pretty cool. Some of the links to proxy lists seem dead, and I have found some online but why should I trust these random 'free' proxies?

What about proxychains over VPN? I'm currently using Mullvad which is alright, and I'm curious about more security if need be. Does a VPN -> proxychain -> TOR connection work? Sounds horribly slow in theory, but I think we all know that privacy comes at a cost in our current world.

I suppose I could call this a 'VPN/proxy/TOR general thread.'


kripplekuk 04/16/2016 (Sat) 02:06:20 [Preview] No. 3 del
>>2
Thanks.
The thread on /tech/ is filled with info on tor, proxies, etc.

https://archive.is/vRLGB
Has a good explanation on tor though vpn, vpn through tor, etc.

Imo TOR -> VPN OK.
VPN -> TOR BAD.

Proxies are also not that good, especially the free ones. They could claim to keep no logs yet log everything. Watch out for "high anon" proxies. 90% of the time they're honeypots. But as long as you are using your VPN and websites that support HTTPS, you should be okay with proxies. I personally avoid them.


Endwall 04/17/2016 (Sun) 22:01:01 [Preview] No. 6 del
>>2
> why should I trust free proxies

You probably shouldn't. It's just a technique to be used in certain situations.

I have experienced anecdotal evidence that tor doesn't provide anonymity when doing this.

$ torsocks youtube-dl link/list

while I have anecdotal evidence that

$ proxychains youtube-dl link/list

goes unnoticed when I chain 3 additional proxies from different countries.

I'm not going to explain what that evidence is.

My idea is to mess these surveillance analyzers up with randomness, and come from vectors that they aren't watching/expecting.

The list of exit nodes is published. I assume all traffic from entry and exit nodes is monitored. I also assume that deanonymization is happening by correlating bit rate on each end, and by correlating bit rate or some other information when you hit a prism service like youtube. Youtube has got to go.

I go Tor -> proxy1 -> proxy2 -> proxy3 -> target.


The proxies die after about 2 days to a week so it's more work to go and collect more fresh proxies and to test them. I've been lazy over the last 2 months and have just been using tor to target. I really need to refill my proxies.

Just my 2 cents, I'm no expert.


Endwall 04/17/2016 (Sun) 22:15:55 [Preview] No. 7 del
>>6

My idea is: "Be Random, Blend In, Attack from Behind"

Tor gets you around the ISP and their surveillance and monitoring. Random user agent and user agent spoofing to the most common user agents blends you in. Randomize your download timing, so that it looks like a one off. Randomize your attack vector to come from behind or from the side where they aren't focusing.

Tor beats the ISP and local surveillance, proxies (hopefully) beat NSA and intertwined advanced surveillance.

Tor alone won't beat the NSA or military agencies with sufficient resources. I really don't care what Jacob Appelbaum says about this, or what that 1 slide from the Snowden leaks says about TOR being hard, that they keep bringing out to show people.

They have the best Computer Science PhD minds and $20 billion/year of resources to put devices anywhere and everywhere.

It's a hard problem, and a ridiculously strong adversary. I just want to watch the news on youtube unmolested... I'm not a criminal, but these people certainly are.


Anonymous 04/18/2016 (Mon) 06:10:16 [Preview] No. 9 del
>>7
Do you use per request randomization of user agents or a random change of user agents regardless of user agent requests? Which is "better"? Also, how the hell do you randomly download something?


Endwall 04/18/2016 (Mon) 07:01:24 [Preview] No. 11 del
>>9
As of right now I'm just using links/links2/xlinks behind tor with a fake user agent that I change every day or so. For youtube-dl I set the user agent in the config file and change it every day or so between a couple of different options.

I think that per request user-agent randomization would really mess the surveillance up.

I wrote this for youtube-dl for downloading links in a *.txt list.

http://paste.debian.net/438721/

You just gave me a great idea. Each request I can switch the user agent. That would be gnarly. Great idea, I'll work on that on the 29th of April. Should be easy to write that up for youtube-dl.

This is going to be rad.


Anonymous 04/18/2016 (Mon) 08:15:52 [Preview] No. 12 del
>>11
How about you do that for curl and wget as well? (What now, are you going to make it work with proxychains as well to satisfy your thirst for plausible deniability?)


Endwall 04/18/2016 (Mon) 08:35:00 [Preview] No. 13 del
>>12

You're reading my mind.

Here is a simplistic version of it so far.

http://paste.debian.net/438809/

A more complete version would have other types of common browsers and versions and go through and select them using case or an if statement depending on the random number.

A more complex version can add a list of proxies and randomly select one using the --proxy option, or switch from torsocks to proxychains in the command.

I'm going to do this kind of thing for wget and curl as well!! Great idea.

I actually lol'd when this worked.

I'll work on adding complexity to this later. I have to study for final exams, no time for hobby time this week.


Anonymous 04/18/2016 (Mon) 08:47:06 [Preview] No. 14 del
>>7

>Random user agent and user agent spoofing to the most common user agents blends you in

kek

>Randomize your attack vector to come from behind or from the side where they aren't focusing.
>intertwined advanced surveillance.

hey kid, go read some more, write less, this is cringeworthy


Anonymous 04/18/2016 (Mon) 09:20:28 [Preview] No. 15 del
>>14
Let the man dream, all you can do is post copypasta like >>>/tech/2563 >>>/tech/2564


Anonymous 04/18/2016 (Mon) 09:25:41 [Preview] No. 16 del
(76.26 KB 450x526 crhea160418.gif)
This part is very simple: if you want anonymity you use Tor Browser, and you don't fuck with its default behavior (IOW, you do not alter its fingerprint, otherwise you are reducing your anonymity set or, worse, deanonymizing yourself). Period.

Any other choice (currently) implies you don't really care much for your anonymity; which is not necessarily wrong in itself. For example, it might just mean that your threat model simply isn't that stringent, or "scary", so you don't actually need anonymity. (Actually, there are other arguments for demanding anonymity even if you think you, personally, don't need it. They relate to making population-scale monitoring and control harder and helping those that actually do need it by enlarging their anonymity set. So if you want to be a good net citizen, be anonymous!)

If you are using any other browser (even if you tunnel it over Tor) then you *might* have location-anonymity (IP-anonymity), that is, of course, assuming you configured everything properly and don't have leaks. But you will still be (rather easily I bet) fingerprintable. Your IP might be hidden, and, if you don't reveal yourself with poor opsec, your identity might not be immediately obvious, but it will be possible to correlate and link all your browsing sessions. This might, or might not, be enough to deanonymize you. (I hope you are able to see, then, the following corollary: using the same fingerprintable browser over Tor and on clearnet is the same as only using it over clearnet.)

In the landscape of fingerprintable facets the user-agent string is such a small detail that it doesn't even matter if you change it or not, and, in fact, changing it, either statically or randomly, may very well make you even more fingerprintable because this could be yet another aspect that distinguishes you from the rest of the herd. Think about it: of the set of internet users who share all my _other_ fingerprintable facets, what percentage will also share with me this newly changed facet? IOW, by changing this facet (say the user-agent string) am I increasing the number of users who share it with me? Or am I decreasing it, making myself more unique?

And don't fool yourself thinking that a randomized facet is not fingerprintable: fingerprinting algorithms do not have to be stateless, they can remember and correlate apparently-discrete observation data-points. IOW, they can realize that you are wearing a scramble suit and simply put the "scramble suit" tag on you. OK, so now the question is, how many other users share the "scramble suit" facet with you while also sharing all your other facets? You see? This is the same question we were asking previously. Randomizing a facet does not defeat fingerprinting in any way, the very act of randomization becomes fingerprintable. (Also remember that your fingerprint is not the result of observing a single facet, but a combination of all observable facets.)

So, in the end, the only defence against fingerprinting is to try and become as indistinguishable as possible from the largest possible group of anonymous users. So far it seems the best opportunity lies with the group of well-behaved Tor Browser users. (Read "well-behaved" as "non-idiotic": some people will even try to put Adobe flash on it.)
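
The anonymity-set argument above, worked through on constructed data (an added example, not code from any poster in this thread). The user IDs, the facet labels, the user-agent labels and the threshold of 3 are all made up for illustration.

```shell
#!/bin/sh
# Constructed population, one user per line: "user other_facets user_agent".
# other_facets is a made-up label standing for every observable facet
# except the user agent. u09 runs Tor Browser but spoofs a common Chrome UA.
population() {
cat <<'EOF'
u01 tbb-default UA-TorBrowser
u02 tbb-default UA-TorBrowser
u03 tbb-default UA-TorBrowser
u04 tbb-default UA-TorBrowser
u05 tbb-default UA-TorBrowser
u06 chrome-win7 UA-Chrome47
u07 chrome-win7 UA-Chrome47
u08 chrome-win7 UA-Chrome47
u09 tbb-default UA-Chrome47
EOF
}

# Users sharing the complete fingerprint (other facets AND user agent).
anonymity_set() {   # $1 = other_facets, $2 = user_agent; population on stdin
    awk -v f="$1" -v ua="$2" '$2 == f && $3 == ua { n++ } END { print n + 0 }'
}

# Users sharing the user agent alone: the number the spoofer is hoping for.
ua_share() {        # $1 = user_agent; population on stdin
    awk -v ua="$1" '$3 == ua { n++ } END { print n + 0 }'
}

# Constructed request log as a server sees it: "request other_facets user_agent".
# The "script-x" client rotates its user agent on every request.
observations() {
cat <<'EOF'
1 tbb-default UA-TorBrowser
2 script-x UA-Chrome47
3 tbb-default UA-TorBrowser
4 script-x UA-Firefox38
5 chrome-win7 UA-Chrome47
6 script-x UA-IE11
7 script-x UA-Opera26
8 tbb-default UA-TorBrowser
9 chrome-win7 UA-Chrome47
EOF
}

# Stateful observer: remember every user agent seen per other_facets value and
# report the values that showed at least $1 different ones, one per line as
# "other_facets distinct_user_agents requests".
tag_randomizers() { # $1 = minimum distinct user agents; observations on stdin
    awk -v min="$1" '
        { total[$2]++ }
        !seen[$2, $3]++ { distinct[$2]++ }
        END {
            for (f in distinct)
                if (distinct[f] >= min) print f, distinct[f], total[f]
        }
    ' | sort
}

echo "default Tor Browser user:  set of $(population | anonymity_set tbb-default UA-TorBrowser)"
echo "same browser, spoofed UA:  set of $(population | anonymity_set tbb-default UA-Chrome47)"
echo "users with that UA at all: $(population | ua_share UA-Chrome47)"
echo "tagged as randomizing:     $(observations | tag_randomizers 3)"
```

The spoofed user agent is shared by four users, but only one of them also has the Tor Browser facets, so the set that matters shrinks from five to one; the rotating client is picked out by the facets it does not rotate.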


Anonymous 04/18/2016 (Mon) 10:28:40 [Preview] No. 17 del
I think "Endwall" anon is attempting to be fingerprintable as a normie while using Tor and additional three proxies in a chain. It's against the traditional concept of anonymity. By being pseudonymous/more fingerprintable in certain aspects, he attempts to be considered by the internet as some random schmuck but in reality, how a website's page renders to the user's end can easily unveil the actual web browser's engine, which disabling features would only contribute to the profile that they receive from your web browser. The best way to have anonymity through trackable fingerprinting is to do what RMS does which is to ask for permission to use other people's computers to look at proprietary shit at their expense. Unfortunately, not everyone can travel the world like RMS. In some ways, he's living the dream in avoiding being tracked down, but since airplanes and the flight info shit is pretty much public domain, depending on what kind of content that RMS is viewing, even proxy viewing of said link is not enough because of metadata concerning what RMS does and looks up and where he is. Unless RMS can pull off shenanigans like using a private aircraft which Sir Richard Dearlove (DOK) the head of MI6 along with Sir Stephen James Lander (POW) the head of MI5 came into US airspace after the 9/11 attacks of what should have been a no fly zone but like, doing that for literally all your flights to be off the record and unstoppable, even RMS is trackable and the general whereabouts as to what computer he would be using based off of where he would stay from decrypting PGP encrypted emails of the plans, use GPS to reverse search for the IP addresses of that building that he might go to.


Anonymous 04/18/2016 (Mon) 23:52:08 [Preview] No. 19 del
>>17
The whole finding out one's IP address via GPS location is my theory of how advanced their tech is. I figured that if one can find out a GPS location via IP address, the reverse could be possible. However, with "cooperation" of ISPs, they could find out though, if that's what they do instead of doing what I'm suggesting they could do, I'm slightly disappointed in them. They could, depending on what website link, web browser, and what computer that URL is about to be viewed, it could be "bugged" remotely via ISP IP range for a short period of time, recording via canvas and webrtc tech and others to see what they do with it or even prevent access to it while blocking all known VPN IPs and Tor nodes via ISP so to make sure that they can't circumvent the great firewall, and if they don't use dns servers, they could simply snoop the easy way out while temporarily enforcing use of the ISP's dns servers or else no connection to the ISP and no internet. Again, this is all what I feel is plausible speculation, but that method is more effective in having people around said being to not have access to the internet or certain parts of the internet without being backdoored or hit with malware than tracking them to gather intel concerning what that Target Individual is trying to get through other people's computers. Through Facebook and such, the Targeted Individual's contacts are already known to the 3rd hop even if they don't have Facebook or Netflix and such. Also, what that "TI" seeks after in certain aspects are easily identified by what they snooped concerning the TI before they had realized their predicament. If a bunch of TIs seeks to look into information of the same website or link, it's easier to ban the said content via the country's firewall.


Endwall 04/19/2016 (Tue) 05:09:49 [Preview] No. 20 del
>>13

endtube.sh version 0.04

http://paste.debian.net/439436/

I've added cases and other user-agents for chrome. I don't know if these are the most common or best options. Send me a link to the best user agents and I'll swap them out.

Let me know if it works.

The next step is to incorporate a list of proxies to cycle through with each download. I'll do that later. Try it out and comment.


Endwall 04/19/2016 (Tue) 05:47:56 [Preview] No. 21 del


Anonymous 04/19/2016 (Tue) 10:38:00 [Preview] No. 22 del
>>20
>>21
The default downloads folder has a capital/uppercase D, so was that intentional to use a lowercase d so that it won't mess with the uppercase D Downloads folder?

https://amiunique.org/stats shows the common user agents in their interactive pie chart though you have to disable lots of shit to make it work, maybe someone with a less autistic setup can list the two most used user agents per web browser from it. I unfortunately can't be bothered doing it.


Endwall 04/19/2016 (Tue) 16:06:29 [Preview] No. 23 del
>>22
>downloads/Downloads
That was a typo, nothing intentional. I've changed it to Downloads. It's just meant to get you to put the videos somewhere separate. You can do it anywhere once you add ~/bin to the path.

>amiunique.org/stats
Yeah I'm having problems getting the stats to show as well. I have a clean browser with Javascript enabled (Iceweasel) and it won't work on that either...I'll try it again later.

Thanks for the review/comments.


Endwall 04/19/2016 (Tue) 21:38:32 [Preview] No. 24 del
endtube.sh version 0.06

http://paste.debian.net/439606/

This now randomizes a plaintext list of proxies and uses one of them for the download front end over torsocks. Also if the proxy list is not present then it operates as previously with just torsocks.

I was trying to do something fancy with character arrays (arguments) and randomly selecting one of the arguments, but gave up and did something sloppy that works instead.

If you switch the torsocks to proxychains and add 2 proxies as front end this would be the original protocol that I described earlier.


Endwall 04/19/2016 (Tue) 21:55:52 [Preview] No. 25 del
endtube.sh version 0.07

http://paste.debian.net/439609/

fixed some typos. Should be good to go. I'll update this by git from now unless there are serious changes. Let me know if it works for you. Review and critique are welcomed.


Anonymous 04/23/2016 (Sat) 02:52:14 [Preview] No. 27 del
Common web browsers:
chrome: 39, 47
firefox: 34, 38
IE: 11 (who the hell uses Tor with IE)
Opera: 26, 12.17
iOS app (who uses Tor with the iOS web browser)
Common OS:
win: 7, 8.1
mac: 10.10
linux: ubuntu (no stats concerning specific versions of linux nor ubuntu available in the shitty pie chart)


Anonymous 05/03/2016 (Tue) 11:47:35 [Preview] No. 35 del
If you use a VPN or a proxy, you have to fully trust them. Trusting third parties is bad opsec.

If you chain regular proxies together, the first proxy knows both who you are and where you're going. This is horrible.

If you use Tor, you're reasonably safe. The main weaknesses of the technology are correlation and fingerprinting.

Correlation:
Your Tor traffic has two weak points - the point of entry, and the point of exit. If you add any additional proxies, each represents an additional weak point.

Fingerprinting:
Anything that deviates from the default Tor Browser behavior makes you stand out. You don't have to use Tor Browser, but you better make sure that whatever you use has the exact same fingerprint.


Endwall 07/07/2016 (Thu) 13:56:50 [Preview] No. 151 del
Hak5 2019
OpenVPN from scratch
https://www.youtube.com/watch?v=XcsQdtsCS1U
Hak5 2017
How to build an OpenVPN access point pt 1
https://www.youtube.com/watch?v=XDCv_xxw4BW4
Hak5 2018
How to build an OpenVPN access point pt 2
https://www.youtube.com/watch?v=z156R47Yb_Q


Anonymous 07/09/2016 (Sat) 21:36:48 [Preview] No. 160 del
(39.25 KB 926x716 bestvpn.png)
choose one fagit


Anonymous 07/12/2016 (Tue) 10:20:25 [Preview] No. 167 del
OP here

Lessons learned:
1) proxychains are not very useful. I don't see much point in using them; Tor and VPN is the way to go if you want to access the clearnet. I2P is cool too, but I'm waiting for integration of I2P router in Whonix Gateway to really give it a chance. The classic

"Hey Proxy1, can you please forward "forward to Proxy3; forward to Proxy4; forward to Proxy5; forward to https://encrypted.google.com 'c8e8df895c2cae-some-garbage-here-(encrypted)-166bad027fdf15335b'" to Proxy2? Thanks!"

really proves my point here. The only time this might be OK is if you're on a VPN through Tor session. At that point, your connection is secure from tampering and so far away from yourself, maybe you could use it to not get your VPN account b&? I'm not sure.

2) VPN through Tor is the best. It's perfect for browsing clearnet sites, as it avoids the usual captcha or ban you get with Tor, it stops MITM attacks from the Exit Node, and it's not horribly slow. I was streaming youtube content without any stutters at 720p. That's good enough for me. Shoutouts to cryptostorm for letting Tor users not only connect up, but allowing anonymous payment with BTC and through Tor. I didn't like them for a while after one of the main guys got busted, but if I never have to show my true IP I feel safe anyway.

3) Qubes is good. Like, really good. TBH, I feel with Intel ME and SMM on modern CPUs, you're pretty much owned already. Hopefully Xen cleans up their act and secures their hypervisor more to stop these recent VM escape bugs. For serious, if you're using anything that can't libreboot, and you have 8GB+ of RAM, consider using Qubes. The only thing I'd consider more secure would be a classic parabola install on libreboot with the libre kernel and all that jazz. Qubes still has some distinct advantages over that though.

4) RUN A RELAY IF YOU HAVE THE BANDWIDTH. If you use the same internet everyday like me, and if you're pushing tons of traffic (primarily downloading) then it's easier for an APT to deanonymize you. Running a middle relay forces your internet to connect to Entry nodes and Exit nodes all day. You can't possibly know what's going through the relay, so it's like free masking Tor bandwidth. Early NSA papers on the studies of traffic correlation suggested that users who run relays are much harder to deal with.


All in all, I've learned a bunch over time. If anyone is curious about how to run VPN through Tor, I would be willing to write up a simple guide. I know of two ways that would definitely work, one in Qubes specifically and one at the router level, along with possibly another way running from one machine. I'm not too sure if it'd work, I don't have a machine without Qubes on it that'd make it easy to test.


Anonymous 07/12/2016 (Tue) 10:35:52 [Preview] No. 168 del
>>167
>VPN after TOR
Do you think this is a fucking game? Do you think this is a fucking game m8? If you use a VPN then you can safely start TOR. That's what it is for. You connect to the vpn then bye-bye. I will seriously suggest you know this is not some little game ok. I am pretty angry right now anon this is textbook fed talk.


Anonymous 07/12/2016 (Tue) 21:13:14 [Preview] No. 175 del
>>168
Well, I could see that being a problem if you live in a country where using Tor is against the law/could possibly get the cops knocking on your door. In my home country though, it's nothing to worry about.

Much like >>35 has said, you have to trust that your VPN doesn't care that you use a fuck ton of Tor. If you route your traffic through Tor first though, you only have to trust one of the relays to have anonymity. It's been shown in NSA documents that even if they own the entry and exit nodes they have issues correlating users. ESPECIALLY WHEN YOU RUN YOUR OWN NODE.

While I was sleeping, my relay pushed over 6GB and I currently have over 1000 connections in and out with Entry and Exit nodes. Does that not seem anonymizing to you? Plus, if you want to make the Tor network stronger then you should run a relay anyway.


Anonymous 07/12/2016 (Tue) 21:23:51 [Preview] No. 176 del
>>175
I can see there being an exception with a VSP or DPS Run through tor. Though I really do not feel comfortable connecting unless I am using a privacy implement such as a VPN and or Virtual Machine Beforehand.


Anonymous 07/12/2016 (Tue) 21:24:59 [Preview] No. 177 del
>>176
*VPS


Anonymous 07/13/2016 (Wed) 03:44:42 [Preview] No. 182 del
How To make a VPN Gateway in Qubes
https://www.qubes-os.org/doc/vpn/


Anonymous 07/13/2016 (Wed) 04:19:46 [Preview] No. 183 del
>>182

Yeah, you can also attach your VPN ProxyVM to your Whonix Gateway ProxyVM and create user -> Tor -> VPN connection. You need to use a VPN service that supports TCP and doesn't block Tor users.

Special note: If you're following the guide, and need a username/password, change the line in .ovpn file that says 'auth-user-pass' to 'auth-user-pass credentials.txt' and create a file with your username and password ie:

credentials.txt:

Username
Password

and then save it so when OpenVPN starts it will read the file for your credentials. Then you can chown and chmod to protect against possibly getting owned.


Email Endwall 07/27/2016 (Wed) 07:09:19 [Preview] No. 224 del
http://www.void.gr/kargig/blog/2014/05/10/smtp-over-hidden-services-with-postfix/

I'm setting up the tor hidden service email version of this. That plus tls 1.2 + gpg RSA:4096 should be interesting.


Endwall 07/29/2016 (Fri) 01:56:56 [Preview] No. 225 del
>>224
My email hidden service is up. Can someone send me some email so that I can test it out?

endwall@tmg3kli67jlbcduh.onion

You will need starttls.


Endwall 07/29/2016 (Fri) 05:57:06 [Preview] No. 231 del
Hak 5 Episode 2022
Title:Fast, Free, and Easy VPN Build in Minutes
https://www.youtube.com/watch?v=04EmeXSZo_0


Anonymous 07/29/2016 (Fri) 10:07:40 [Preview] No. 233 del
Have you tried Confidentmail?

Also I still disagree with having tor (Anonymity) start before the vpn (privacy).


Endwall 07/30/2016 (Sat) 02:08:56 [Preview] No. 236 del
Can someone try this and tell me if you see it?

$ torsocks telnet tmg3kli67jlbcduh.onion 25

I can see it and send myself email using postfix.
My hidden service mail server won't be up all the time for now, but I'll put up a dedicated computer for it later.

Send mail through torsocks by modifying the master.cf.

Instructions:

Step 1.
In /usr/local/etc/tor/torrc
uncomment the lines

HiddenServiceDir /usr/local/var/lib/tor/
HiddenServicePort 25 127.0.0.1:25

Restart tor

Step 2.
Then go get the domain name in /usr/local/var/lib/tor/hostname and write it down.

Step 3.
Then change the postfix domain to the hidden service domain in /etc/postfix/main.cf, as well as changing your host name to include your new hidden service domain name.

Step 4.
Replace smtp with smtp_tor and make the file smtp_tor executable in the directory /usr/lib/postfix/

Create /usr/lib/postfix/smtp_tor with the following content:
#!/bin/sh
torsocks /usr/lib/postfix/smtp "$@"

Step 5.
Then modify /etc/postfix/master.cf

smtp unix - - n - 1 smtp
relay unix - - n - - smtp

to be

smtp unix - - n - 1 smtp_tor
relay unix - - n - - smtp_tor


Step 6. Set up an account and login/password for your anonymous name, postmap it in /etc/postfix/virtual, then reload and restart postfix.

####################################################
Then when you're able to, send me a test email using TLS.

>>233

I think this is how I'm going to email anonymously, if it works. Hidden service + TLS 1.2 + pgp RSA:4096, self hosted. Set it up and try it out.
Edited last time by Endwall on 07/30/2016 (Sat) 04:45:43.


Endwall 08/02/2016 (Tue) 03:15:11 [Preview] No. 240 del
I just set up 2 postfix hidden services and tried to send email using this method. It didn't work. I can telnet to each server and they seem to be up. However the command substitution smtp_tor is not working. Postfix gives the error:

warning: process /usr/lib/postfix/bin/smtp_tor pid 5513 exit status 1
warning: /usr/lib/postfix/bin/smtp_tor: bad command startup -- throttling

However it works when sending mail to yourself on the same server. I think it is having a name resolution problem. Any ideas on how to fix this?


Endwall 08/02/2016 (Tue) 08:08:11 [Preview] No. 243 del
Solution:

$ torsocks pacman -S swaks perl-net-ssleay

$ nano notes.txt
$ torsocks swaks --server tmg3kli67jlbcduh.onion --to endwall@tmg3kli67jlbcduh.onion --from me@returnaddress.onion --helo "returnaddress.onion" --tls --body notes.txt

Encrypt notes.txt with my public key for extra points.

Status: Just tested it, working.


Endwall 08/05/2016 (Fri) 07:30:04 [Preview] No. 254 del
Hak 5
Episode 2023
Fast, Easy and Free SSL Certificates with Let's Encrypt - Hak5 2023
https://www.youtube.com/watch?v=KCTKC1iUlC8


Anonymous 08/06/2016 (Sat) 23:09:27 [Preview] No. 260 del
(665.90 KB 666x666 666.jpg)
https://news.bitcoin.com/bitcoiners-use-tor-warned/

TOR and VPNs will likely be illegal in the U.S. come 2017. FBI's reach extended globally

https://news.bitcoin.com/bitcoiners-use-tor-warned/


Anonymous 08/07/2016 (Sun) 14:59:35 [Preview] No. 264 del
(1012.81 KB 250x251 1456432007579-1.gif)
>260
Why is nobody interested in this? Considering the shit hits the fan December 1st...


Endwall 08/15/2016 (Mon) 06:10:35 [Preview] No. 284 del
tor/src/or/
or.h
#define DEFAULT_ROUTE_LEN 3
change this to
#define DEFAULT_ROUTE_LEN 5

routerparse.c
digest_algorithm_t alg = DIGEST_SHA1;

Leave this alone, it's required for the signature checking with each router (don't change it or it will break your connection)

If you know of any other good mods for tor post below. Thanks.
Edited last time by Endwall on 12/22/2016 (Thu) 05:13:26.


Endwall 08/20/2016 (Sat) 19:51:24 [Preview] No. 346 del
Regenerate intermediate term signing key in tor

$ tor --keygen

This will ask you to create a passphrase.
Make a strong one up beforehand and store it somewhere (in your mind, in a notebook, in an encrypted file etc). Use a random password generator for inspiration for pieces of the password:
$ passgen


Endwall 11/13/2016 (Sun) 02:22:34 [Preview] No. 671 del


tor 2.9.5 alpha Endwall 11/26/2016 (Sat) 06:09:14 [Preview] No. 689 del
2006-11-08
https://www.torproject.org/dist/tor-0.2.9.5-alpha.tar.gz
https://www.torproject.org/dist/tor-0.2.9.5-alpha.tar.gz.asc

https://gitweb.torproject.org/tor.git/plain/ChangeLog

Changes in version 0.2.9.5-alpha - 2016-11-08
  Tor 0.2.9.5-alpha fixes numerous bugs discovered in the previous alpha version. We believe one or two probably remain, and we encourage everyone to test this release.

  o Major bugfixes (client performance):
    - Clients now respond to new application stream requests immediately when they arrive, rather than waiting up to one second before starting to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha.

  o Major bugfixes (client reliability):
    - When Tor leaves standby because of a new application request, open circuits as needed to serve that request. Previously, we would potentially wait a very long time. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha.

  o Major bugfixes (download scheduling):
    - When using an exponential backoff schedule, do not give up on downloading just because we have failed a bunch of times. Since each delay is longer than the last, retrying indefinitely won't hurt. Fixes bug 20536; bugfix on 0.2.9.1-alpha.


tor mods Endwall 11/26/2016 (Sat) 06:24:17 [Preview] No. 690 del
tor/src/or/
circuituse.c

else if (build_state && build_state->desired_path_len >= 4)
cutoff = fourhop_cutoff;

change 4 to PATH_LEN + 1,
so for a 5 hop length route use 6, for a 6 hop length route use 7, etc.


Tor Browser Endwall 01/06/2018 (Sat) 02:31:17 [Preview] No.1097 del
Tor Browser

Step 0) Make some directories
$ mkdir -p ~/tor
$ mkdir -p ~/bin
$ cd ~/tor

Open a browser and go look here : https://dist.torproject.org which is where the files will be pulled from

Step 1) Get the relevant files
( using wget, endget or torsocks wget, I'll assume the user is just getting started and has a 64 bit distribution of linux )

Get the SHA256 sums
$ wget https://dist.torproject.org/torbrowser/7.0.11/sha256sums-signed-build.txt
$ wget https://dist.torproject.org/torbrowser/7.0.11/sha256sums-signed-build.txt.asc

Get the file and signature
$ wget https://dist.torproject.org/torbrowser/7.0.11/tor-browser-linux64-7.0.11_en-US.tar.xz
$ wget https://dist.torproject.org/torbrowser/7.0.11/tor-browser-linux64-7.0.11_en-US.tar.xz.asc

Step 2) Check the sha256sum and gpg signature

$ gpg --receive-key 0xD1483FA6C3C07136
$ gpg --verify sha256sums-signed-build.txt.asc

$ cat sha256sums-signed-build.txt
$ grep *linux64* sha256sums-signed-build.txt

$ grep tor-browser-linux64-7.0.11_en-US.tar.xz sha256sums-signed-build.txt >> tor_sha256sum.txt

$ sha256sum -c tor_sha256sum.txt
$ gpg --verify tor-browser-linux64-7.0.11_en-US.tar.xz.asc

## If these don't say GOOD SIGNATURE or the sha256sum outputs BAD CHECKSUM delete the file and try again.

Step 3) Unpack the zipped tar file

$ tar -xvf tor-browser-linux64-7.0.11_en-US.tar.xz
$ cd tor-browser_en-US
$ cd Browser
$ ls
$ pwd

Copy the present working directory into the clipboard or a text file
Now test to see if the binary works:
$ ./start-tor-browser

If so make a link

Step 4) Link and add to $PATH

$ cd ~/bin
$ ln -s ~/tor/tor-browser_en-US/Browser/start-tor-browser tor_browser
$ echo $PATH
$ export PATH=~/bin/:$PATH
$ echo $PATH
$ cd ~

Step 5) Start Tor Browser from command line
$ tor_browser


tor_browser Endwall 01/06/2018 (Sat) 04:55:57 [Preview] No.1098 del
(72.09 KB 1000x500 tor_browser_7hops.png)
Tor Browser 7 Hops

step 0) Modify the tor source and compile
Do the modification recommended here:

http://s6424n4x4bsmqs27.onion/os/res/692.html#q709

or.h
#define DEFAULT_ROUTE_LEN 3
change this to
#define DEFAULT_ROUTE_LEN 7

circuituse.c

Also change this

else if (build_state && build_state -> desired_path_len >= 4)

to be:

else if (build_state && build_state -> desired_path_len >= 8 )

Now compile from source according to:
http://s6424n4x4bsmqs27.onion/os/res/692.html#q707

Step 1) copy the tor binary into place

$ cd ~/tor/tor_browser/Browser/TorBrowser/Tor/
$ mv tor tor_old
$ cp ~/tor/tor_stable/src/or/tor tor

Step 2) Start Tor Browser
$ cd ~
$ tor_browser


Anonymous 02/11/2018 (Sun) 21:51:01 [Preview] No.1112 del
>>1097
A key server needs to be appended to gpg --receive-key, otherwise it defaults to internally configured keyservers, which might or might not be there. Also, keyserver interaction is done over http, which is a no no. As long as Tor is running, you can do
gpg --keyserver hkp://jirk5u4osbsr34t5.onion --recv-key 0xD1483FA6C3C07136
Or your onion keyserver of choice. Don't know what you're doing for the cat and grep combo, checking to see if it has any sums and then those for linux64? Grep is off, either way, should be "linux64" if you're using GNU Grep 3.1. Second/last grep is good, but not for the most recent 7.5 release.
grep "linux64-7.5_en-US.tar.xz" sha256sums-signed-build.txt >> tor_sha256sum.txt
And also switch for newest release:
gpg --verify tor-browser-linux64-7.5_en-US.tar.xz.asc
And
tar -xvf tor-browser-linux64-7.5_en-US.tar.xz
Otherwise, can confirm this process works. Only confused why you would install it under home and with user/wheel permissions? This is convoluted (key checking in general), might write up a script right now to do something quicker.


Anonymous 02/12/2018 (Mon) 18:43:08 [Preview] No.1115 del
>>1097
>>1112
And I did, here's the script for anyone that wants to do this quickly: https://gitgud.io/gaddox/Private-Tor-Browser-Installer/raw/master/downloadTorBrowser.sh


Endwall 02/13/2018 (Tue) 02:48:58 [Preview] No.1116 del
>>1115

Nice. Your script looks well designed. I'll read it over in detail on Saturday. See we need more people like you over here to share good work and good ideas on these kinds of problems.

The easier it is for more people to download, install, and use security, privacy and anonymity tools, the better off we will all be in the long run. Good work. Keep it up. A positive feedback loop has just been initiated. A Free Software Virtuous Cycle. Thanks for sharing Gaddox!


Anonymous 02/13/2018 (Tue) 03:31:06 [Preview] No.1117 del
>>1116
Cheers, Endwall. Any updates in the interim will be published at that link. And hopefully with another living soul around, it'll attract others and we can turn this closed cycle into a growing fibonacci spiral.


Anonymous 02/14/2018 (Wed) 14:25:42 [Preview] No.1120 del
One thing people will notice but never say is that normies WANT TO USE VPNS THEY THINK THEY CAN USE ONE ON A PHONE.

Look at android and itunes top apps paid and free. Those lists are LITTERED with BULLSHIT VPN apps that DO NOTHING for privacy. Hypocrites. Anyone who says "lets microchip everyone I aint got nothing to hide" They do they are hiding behind that talking point instead of an actual opinion. Somehow the media has convinced the people to want to ban vpns while the top apps for mobile are vpn apps aside from games and shit like tinder.

These cucks want all they microchips laws to go through. They think hola free vpn .apk is going to hide them as they downvote something they are supposed to downvote. Look at chrome extensions firefox extensions. All browser fingerprint spoofing. Look at the most torrented proprietary software. All virus protection programs like McAfee and norton antivirus.
They think that they are not supposed to use vpns or shit that actually works. A bunch of incognitos pretending they don't need privacy. They don't need privacy now that being a pathetic homosexual that does nothing but pout about liberal nonsense is the ideal citizen.


Anonymous 02/14/2018 (Wed) 15:20:36 [Preview] No.1122 del
>>1120
Perhaps the most loud are the most unaware. I would bet my money the ones who care know anything about VPNs aren't dumb enough to yell and scream about muh terrorists or such. Or at least there may be a little overlap.


Anonymous 02/14/2018 (Wed) 21:49:40 [Preview] No.1124 del
>>1122
Yes I am a sec beginner so I am loud in my observation of this lol. Any politicizing of technology is dangerous. Also proprietary companies like google are a threat too.


Anonymous 02/15/2018 (Thu) 01:24:08 [Preview] No.1125 del
>>1124
Ah mate, I'm on your side, there's been some miscommunication. What I meant was the age old "vocal minority" being the loudest, while the majority quietly enjoys their lot, with a slyly opportunistic smirk.


Endwall 08/13/2018 (Mon) 06:23:09 [Preview] No.1262 del
Tor Proxy on Local Area Network (LAN)

What ?
Setup multiple computers on a LAN to route through a tor proxy for specific applications (Links2, etc.)

Why ?
-To allow novice Linux users (mom,dad,etc), to use Tor on applications that allow socks proxy settings like links2, without needing to know how to start Tor in the command line or setting a tor daemon.
- (My reason) To allow another computer to handle Tor with a base install and to close all ports except for 9050 (or a randomly chosen port) outbound on a select computer that you use for Tor browsing and other Tor applications (endcurl, endget, endtube, oldtube, torsocks) etc.

-If you have an implant or a beacon with key logging it will usually broadcast out on port 53 or port 80, close everything (using endwall.sh and comment all ports out except local host for the ports you need and the random outbound port you will use for Tor) and set Tor outbound to a random port (not 9050 say 34591) and set your Tor proxy server to accept inbound for this random port. This will basically squash outbound beacons.

How ?
You will need two computers to test this. On the Tor proxy server, find out the LAN router assigned internal ip address using
$ ip addr

(for example say it's 192.168.5.153) and add these lines to /usr/local/etc/tor/torrc

SocksPort 127.0.0.1:9050
SocksPort 192.168.5.153:34591

This tells tor to listen on ip interface 192.168.5.153 on port 34591 for SOCKS5 connections.

Next allow the computers that you want to allow to connect to your Tor SOCKS proxy with the following lines

SocksPolicy accept 127.0.0.1
SocksPolicy accept 192.168.5.153
SocksPolicy accept 192.168.5.154
## SocksPolicy accept 192.168.0.0/16 # Allows everyone on your LAN to be allowed to connect to Tor
SocksPolicy reject *

So now 192.168.5.153 and 192.168.5.154 are authorized to connect to your tor proxy.
You also need to allow inbound access through the firewall.

use

$ ip addr
on each computer or nmap to discover the ip's and mac addresses and add them as variables into endwall.sh

########## CLIENT IP and MAC ADDRESSES ##############
proxyhost_ip=192.168.5.153
proxyhost_mac=FF:FF:FF:FF:FF:FF

client1_ip=192.168.5.154
client1_mac=EE:EE:EE:EE:EE:EE

######### LOCAL HOST SECTION ###########
lo_open tcp 9050
lo_open tcp 34591

############## SERVER INPUT SECTION #########################
server_internal_1p tcp 34591 $proxyhost_ip $proxyhost_mac
server_internal_1p tcp 34591 $client1_ip $client1_mac

######### Add more clients individually as required
now rerun endwall on the proxy server

$ su
# ./endwall.sh

###################################
Now over on your client computer make sure that you have outbound locked to the server in endwall.sh

add the ip addresses and mac addresses to your script as before then add

################## CLIENT OUTPUT SECTION

client_out_internal_1p tcp 34591 $proxyhost_ip $proxyhost_mac

#######################

Now comment out the rest of the output section as desired and rerun endwall.sh on the client.

Test this configuration by opening links2 and changing the proxy output from 127.0.0.1:9050
to 192.168.5.153:34591. Now access an onion webpage in links to test it. Should work.

For torsocks you now use the -a and -P flags

$ torsocks -a 192.168.5.153 -P 34591 -i curl www.google.com

I will be modifying all of the Endware files to allow for setting the Tor socks proxy ip and port in the script. I'll default it to 127.0.0.1 and 9050 so that it acts the same as before but you will be able to modify it in the script moving forward. I'll leave the variables torsocks_ip=192.168.5.153 and torsocks_port=34591 commented out as examples in all of the scripts moving forward.

So now you can safely close all outbound client out ports except for 34591 and route everything through your tor proxy server. I'm currently operating this way. It seems to work / have positive effects. The idea is that all of the outbound implant beacons
Edited last time by Endwall on 08/13/2018 (Mon) 21:43:35.
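
An added example (not Endwall's code and not part of Tor): a small Python audit of the torrc lines from the post above. It assumes Tor's documented SocksPolicy behaviour (the first matching entry wins, and an address matched by no entry is accepted), handles only IPv4 patterns and `*`, and all function names are illustrative.

```python
import ipaddress

# Constructed sample: the torrc lines from the post above.
SAMPLE_TORRC = """\
SocksPort 127.0.0.1:9050
SocksPort 192.168.5.153:34591
SocksPolicy accept 127.0.0.1
SocksPolicy accept 192.168.5.153
SocksPolicy accept 192.168.5.154
## SocksPolicy accept 192.168.0.0/16 # Allows everyone on your LAN
SocksPolicy reject *
"""


def parse_torrc(text):
    """Return (listeners, policy).

    listeners: [(host, port)] for each SocksPort bound to a TCP address.
    policy: [(action, network_or_None)] in file order; None stands for '*'.
    """
    listeners, policy = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # option names are case-insensitive
        rest = parts[1].strip() if len(parts) > 1 else ""
        if key == "socksport" and rest:
            spec = rest.split()[0]  # ignore trailing flags
            if spec.isdigit():
                if int(spec):  # "SocksPort 0" disables the listener
                    listeners.append(("127.0.0.1", int(spec)))
            elif not spec.startswith("unix:") and ":" in spec:
                host, _, port = spec.rpartition(":")
                if port.isdigit():
                    listeners.append((host.strip("[]"), int(port)))
        elif key == "sockspolicy":
            for entry in rest.split(","):
                action, _, pattern = entry.strip().partition(" ")
                action, pattern = action.lower(), pattern.strip()
                if action not in ("accept", "reject"):
                    raise ValueError(f"unsupported policy entry: {entry!r}")
                if pattern == "*" or pattern.startswith("*:"):
                    policy.append((action, None))
                else:
                    # Port specifiers are ignored for SocksPolicy; IPv4 only here.
                    addr = pattern.split(":", 1)[0]
                    policy.append((action, ipaddress.ip_network(addr, strict=False)))
    return listeners, policy


def socks_allowed(policy, client_ip):
    """First matching entry decides; an unmatched address is accepted."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in policy:
        if net is None or ip in net:
            return action == "accept"
    return True


def default_action(policy):
    """What happens to a client that no specific entry names."""
    for action, net in policy:
        if net is None:
            return action
    return "accept"


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def audit(text):
    """Return a list of findings; an empty list means the setup is default-deny."""
    listeners, policy = parse_torrc(text)
    findings = []
    exposed = [f"{h}:{p}" for h, p in listeners if not is_loopback(h)]
    if exposed and default_action(policy) == "accept":
        findings.append(
            "SocksPort " + ", ".join(exposed) + " is reachable from the network "
            "and unlisted clients are accepted; end with 'SocksPolicy reject *'"
        )
    for action, net in policy:
        if net is None:
            break  # entries after a catch-all are never reached
        if action == "accept" and net.num_addresses > 1:
            findings.append(f"accept {net} admits {net.num_addresses} addresses")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_TORRC) or "no findings")
```

SocksPolicy filters on source IP only; the MAC address binding in the post is enforced by the firewall rules, not by Tor.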


Endwall 08/13/2018 (Mon) 22:04:00 [Preview] No.1270 del
The idea here is to have a minimal install no GUI just a few packages on the Tor proxy server, and use it as a proxy into Tor. On your client computer you will have a full GUI, and probably have installed several packages, some, which unknown to you, will have malware. This malware can be as simple as keylogging with an output beacon going out through port 53 or port 80. It will take you months of scanning your logs to even clue in to what's happening, in the meantime all of your Tor postings are correlated back to you by running the messages against a giant database of clear text key strokes.

So you close all of the ports including port 53 and port 80 to general output, you may mac address bind port 53 to a dns server (same computer as the proxy server) using the same method described with endwall.sh, as well as setup squid to mac address bind port 3128 to the squid proxy for 80,443 and close regular port 443 and port 80 output by commenting out those sections in outbound. That way general output on port 53,80,443 etc is suppressed (dropped), so that the malware beacons can't talk out.


Endwall 08/13/2018 (Mon) 22:10:33 [Preview] No.1271 del
I have a computer with parabola openrc with only a single port open to send socks5 proxy to the Tor proxy server. That's as good as it gets for me for now. My main desktop is MAC address bound to DNS servers (2 computers) and MAC address bound to the Tor Proxy, and Squid Proxy. I leave some ports open so that I can watch TV with endtv and endstream, which don't work behind squid. So I leave port 80,443,1935 open to general output on my desktop so that I can watch TV still. But you can modify some of the streams to lowest quality (low bandwidth streams) and run them behind Tor, reasonably well if you want to close port 80 and 443 for good. Oh but yeah you have to run it with 3 hops for a good transfer rate, still better than a VPN i guess. So you need to compile and link two versions of Tor, tor_stable with 6 hops and mods, and tor_stock with just the stock configuration with 3 hops. I use tor_stock when I use mpv to get around georestrictions, but you can use it for everything if you lower the bit rate on the streams.

Doing similar port restricting and mac address binding proxy schemes using OpenBSD or Gentoo Linux would be the next step. The final step will be to use dumb 8-bit machines to proxy into the Tor Proxy once someone designs it and produces the software.


Endwall 05/10/2019 (Fri) 17:38:58 [Preview] No.1396 del
https://metrics.torproject.org/bubbles.html#country
>requires Java Script
84 countries with 6676 relays (3464 visible)
Germany, US, Netherlands, France are the largest pools of relays.

https://metrics.torproject.org/bubbles.html#country-exits-only

58 countries with 908 exits (776 visible)

It would be nice if this page displayed point counts by country circle. But estimating by the size of the circles about 1/8th of world relays are in USA, and 1/5th of world exits are in USA.

US relays 6676/8 = 834.5 ~ 835
US Exits 908/5 = 181.6~182

So if all 3 nodes in your path stay in the United States, you have 835 C2 * 182 possible paths. This is 63,371,490 or 64 million. If you are under surveillance as mentioned then only 835*182 = 151,970 possible paths need to be investigated. This is an extremely tractable problem.


Endwall 05/10/2019 (Fri) 17:47:09 [Preview] No.1397 del
Hypothetical Algorithm for De-anonymizing Tor Users who use Exit Nodes to view Clear-net resources.

Approximate stats: 6000 Total Relays, 1000 total exit nodes

6000 C 3 = 3.5982002 E10

So that's 35.9 Billion possible three node combinations/path selections.

Here is a possible type of attack, or analysis method. I would model all three node paths for travel time, or just model / send ping packets through each of the 36 Billion paths and make a lookup table of travel times. Then if you have all entry and exit nodes monitored (which they don't) then you could use this lookup table and compare it to what you see in real life. This will rule out certain paths.

Say that Joe is an important person who uses Tor, and all of Joe's outbound connections have been placed under surveillance. Joe connects at node A at time t0, and simultaneously within a 5 second window traffic emerges at 1000 distinct exit nodes and was observed. Calculate the time difference between these connections, and compare with the lookup table values that contain these entry and exit nodes. This will weed out several of the possible paths. So say the empirical travel time / delay time to these 1000 nodes from node A ranges from 100ms to 400ms, then you can cross off all paths with node A and the exit node (in the lookup tables) that are greater than 400ms from your ping tests, and less than 100ms and come to a smaller subset of 3 node paths.

From there examine (from your listening posts) if any of those potential 3 node paths matches connections between node A and the remaining possible exit nodes. Namely look at all of Node A's connections in that time window and compare this to the remaining paths in the lookup table. That will give an even smaller subset of paths to examine.

At that point you could calculate probabilities of the path selections being correct and rank them by the most probable. Seems like a lot of work but with only 34 Billion possible paths this seems tractable for a super-computing cluster.


Endwall 05/10/2019 (Fri) 17:50:46 [Preview] No.1398 del
So say Joe is an important person and has been placed under surveillance. All of his connections to node A are timestamped and logged. Given that you know Joe connected to Node A, you really only have to look at 5999 C 2 possible paths = 17,991,001, or about 18 million paths. Very tractable.

So from all exit nodes that are monitored from the traffic bursts in that 5 second window, calculate delta t from Joe's connection to node A at t0 to the first burst of data coming from the 1000 exit nodes. From this calculation 100ms<dt_Joe<400ms

Go to the lookup table for Node A connections to those 1000 exit nodes and cross out any paths that have dt A->C < 100ms and dt A->C > 400ms This should bring your 2 million possible paths down to tens of thousands, then rank them by the distance of dt_joe to dt_model. A -> B_j -> C_k dt_model dt_observed From the top 100 closest rankings ( smallest absolute difference | dt_model - dt_model | , examine the connections from Node A to middle Node B_j and see if any of those node A connections match with the top 100 paths. If so you now have the complete path. If not look at the top 200. This would weed the paths from 10^4 down to maybe 100 or so.

Then from these 100 possible connections observe what they do and correlate this to things you already know about Joe and his habits. This should weed the connections down to 2 or 3. If all three of the connections happened inside of the surveillance grid ( pass through listening posts (logged routers) along their path) then all of this analysis could be performed, probably automated and within a day or two.


Endwall 05/10/2019 (Fri) 17:59:58 [Preview] No.1399 del
But now since you only observed 1000 exit nodes making traffic and you know node A was used by Joe, you only have to search 5999*1000 = 5,999,000 possible paths from C observed to B possible middle nodes. So you only need to do 6 million delta t travel time comparisons.

| dt_model - dt_observed | where dt_model is from the lookup table of values containing node A and C, and dt_observed are the actual calculated dt values from Joe's first connection to the first output burst at those 1000 exit nodes.

And this is why you want two things :
1. Intractable amount of possible paths.
2. Entire path not under a single surveillance grid.

Which can be achieved by: 1. Making the path length longer than 3 hops. 2. Choosing each node far away from each other outside of the supervision and jurisdiction of a single monitoring authority.

US relays 6676/8 = 834.5 ~ 835
US Exits 908/5 = 181.6~182

So if all 3 nodes in your path stay in the United States, you have 835 C2 * 182 possible paths. this is 63,371,490 or 64 million. If you are under surveillance as mentioned then only 835*182 = 151,970 possible paths need to be investigated. This is now an extremely tractable problem.

150,000 dt_model constructed by sending ping packets through all 64 million 3 node USA only paths.

182 exit nodes * # number of new connections in 5 second window.

Measure all of those dt's and compare to the model values. Remove all model paths that are bigger or smaller than your max and min. Rank paths by smallest travel time distance. Examine all connections from Node A and match with your remaining model paths.

Rank paths by smallest travel time distance difference. Closest model to real data ranked higher. Observe the top 100 paths. Repeat this process over 30 mins - 1 hour to build statistics. The paths that constantly remain in the top 10 are your likely complete paths. Tabulate all internet traffic from these remaining exit connections, and pin them into Joe's profile file. Then generate a report.

This could go from 150,000 -> 10000 -> 100 -> 2.

Also why your circuit should change frequently.


Anonymous 05/26/2019 (Sun) 20:02:01 [Preview] No.1405 del
>>1399
Given the need for increased hops the mod for 6 hops in the tor source code along with endrc 14 eyes exclusion helps 1 and 2. Now you say using exit nodes for clearnet resources. Do all clearnet resources seem the same or would say using proxy-chains with multiple or single proxies over 127.0.0.1:9050 be roughly the same thing?


Endwall 06/13/2019 (Thu) 05:18:51 [Preview] No.1412 del
>>1405
Cross correlation on bit rate as a selector would be a cheaper and faster way to de-anonymize Tor users, and it would work most of the time.

Going through 3 high anonymous proxies after jumping out of tor before hitting your target would be helpful in my opinion. Anything to make it harder for them to pin point where you're coming from is helpful. Once you're not coming from the Tor network certain things open up, and you may just avoid detection by not coming from the tor network when you touch your target. Try different things / combinations. Proxychains is helpful for using high anonymous ssl and socks5 proxies after exiting tor. It might be helpful. That's just my opinion, I'm not an expert.


Anonymous 07/03/2019 (Wed) 08:53:46 [Preview] No.1432 del
>>1412
very good info thanks. Good rule of thumb.


Anonymous 07/17/2019 (Wed) 16:54:08 [Preview] No.1443 del
>>2
>What's the safest possible way to browse the internet anonymously and safely?

Qubes with Whonix.
/thread


Endwall 07/18/2019 (Thu) 06:23:02 [Preview] No.1444 del
>>1443
https://en.wikipedia.org/wiki/Qubes_OS

Linux-based OSes and others) Userland Fedora, Debian, Whonix, Microsoft Windows

The main install is Fedora (Red Hat), runs on Systemd, the Whonix gateway and workstation run on Debian on Systemd. And they recommend also running MS Windows. Is the Xen Hypervisor really able to create perfect isolation? Can hardware based methods get around that and grab everything from memory if you're using modern Intel CPU and chip-set with AMT and ME management engine?

I don't trust Red Hat, I don't trust Debian or Systemd, and I certainly don't trust MS Windows for privacy based applications, although they're rock solid for non privacy based platforms. If you're using a full fledged desktop environment like KDE or Gnome, you probably already have malware installed on your setup. I think this is security theater. Isolation is a good idea, but why not just get two machines, one for the gateway running on OpenRC on gentoo, or Hyperbola, running tor that you compile from source, with 6 hops, and the other machine with a minimal desktop (fvwm, twm etc), fire-walled and locked down forwarding only what you want (specific applications on specific ports) and blocking all others, like links browser, icecat or even tor-browser through the gateway machine proxying on port 9050 through tor. Rather than trusting virtual machines and hypervisors which are un-audited and bound to have bugs, and backdoors, and zero-day exploits.

Cool idea, worth checking out, but not the end of the thread....not even close. x86,x86-64 are not where you want to be for security, or privacy, and minimal means less software, only what is necessary for the job at hand. Good recommendation to check out, but it has some problematic features. I use the isolation method that I described proxying through a tor proxy on a second machine with a minimal install with 4-10 packages after base installed and fire-walled with modified endwall.sh, 6 hop modded tor, compiled from source. Qubes has some good ideas (isolation), but I wouldn't trust my life on it, and I have serious reservations about Red Hat, Fedora, Systemd, MS Windows, and un-audited virtual machines and hypervisors. Isolation and compartmentalization are good ideas though and should be practiced. For instance make an air-gapped machine as your No internet zone, and you can be certain that it has no internet connectivity or access, not just take some programmer's from Invisible Things Lab word for it...


Endwall 07/18/2019 (Thu) 06:45:35 [Preview] No.1445 del
Kernel type Microkernel (Xen Hypervisor running minimal Linux-based OSes and others)
Userland Fedora, Debian, Whonix, Microsoft Windows

There's nothing minimal about KDE...or Fedora.

Worth checking out for ideas, but don't do anything that would get you killed or imprisoned on it. Systemd on Fedora, with MS windows...Debian on Systemd on a virtual machine on a Hypervisor....on x86-64 with Intel AMT and ME....think deeper about this problem...

I don't care if Edward Snowden or Edward Norton uses this and swears by it. There are deeper more serious problems going on at a more fundamental level (hardware, bios, kernel, user land, package repository) , that this product isn't going to help you to avoid.

Isolation and compartmentalization are good ideas, but just use 4 different machines instead, rather than relying on one computer, some virtual machines and a hypervisor to do the isolation for you...

For browsing onions for porn or for cyber-stalking your ex.... go ahead. But for serious shit that could land you in jail or get you killed, using this system and expecting immunity from surveillance is unwise.


Endwall 11/15/2019 (Fri) 02:25:32 [Preview] No.1496 del
>>1445
Taken from a post on Nanochan,

"the post was asking about using virtualization as an added layer to browse tor. no one has answered the question yet. the reason to do that is because there are N-many ways to figure out who you are through javascript and/or through nuances in your hardware setup and how it interacts with elements on a page. it's called a fingerprint. check out the site amiunique. also look into these issues, there's a lot of discussion about them. so using a virtualization, as one solitary post below pointed, will make it more difficult for others to discover identifying characteristics about your hardware setup." Nanonymous 2019-11-13 21:42:05 No.16537

So one upside of using virtualization is that it can obscure / make uniform the details of your hardware, for fingerprinting, should a javascript exploit or something else open you up while browsing the web through Tor Browser with javascript turned on for some reason... Isolation, Compartmentalization and Anti-fingerprinting.


Anonymous 11/15/2019 (Fri) 06:05:31 [Preview] No.1499 del
>>1496
Yep. This stuff is important because it's certainly not infeasible for a Tor browser escape/infoleak exploitation to be made, so virtualization like Whonix becomes very useful in mitigating the usefulness of such an exploit.


Anonymous 11/20/2019 (Wed) 01:22:56 [Preview] No.1501 del
Install openBSD set up tor proxy. block all non tor packets. use tor browser. Why? The internet isn't private or anonymous. You've already de anonymized yourself here. If nsa wants to watch you flip through pages, they will, but I think you should be more concerned about "script kiddies" trying to crack your WPA.


Anonymous 11/20/2019 (Wed) 12:39:46 [Preview] No.1502 del
>>1443
No it's not.


Endwall 12/23/2019 (Mon) 10:32:17 [Preview] No.1510 del
Current Tor Browser User Agent:

Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0


Anonymous 04/14/2020 (Tue) 23:46:14 [Preview] No.1526 del
how many unrelated/chained in other countries vpn's should a person use? I would guess a person like kevin mitnick would say about 25. A more reasonable number may be 7. 1 is basically not enough but I am seeking more suggestions.


Anonymous 04/18/2020 (Sat) 20:09:07 [Preview] No.1527 del
>>1526
Funneling your traffic through >7 will probably not help your privacy in any significant way. Just use Tor Browser.


Anonymous 06/25/2020 (Thu) 09:13:46 [Preview] No.1538 del
What's the good word about using TOR from a geographically isolated position?
Would you be fingerprinted straight away?


Endwall 06/27/2020 (Sat) 08:40:51 [Preview] No.1539 del
>1527
I disagree
If you use only 3 hops, and all traffic stays within the country of origin, then they can deanonymize you with cross-correlation, with 70-80% accuracy, by cross correlating the input and output streams and looking at bit rate as the selector for the time series.

I say use as many as seems reasonable for your application, and jump very far away from your physical location. I found that file transfers for endtube/ oldtube became very slow after around 8-9 hops. so I backed that off to 7. For a sensitive application (endmail) mod it for 12 hops.

I use tor browser, and links -g for browsing and posting, my tor router is running on a headless server and I route the traffic to the tor proxy port (9050) on that machine on the network, from my x org client. I have this modded for 7 hops, then when it comes out the other end it connects to 3 hops when using the tor browser, but the final exit of the 7 hops for the proxy connection, is the start of the 3 hops for the tor browser connection. When I'm browsing for the most part I use links -g with 7 hops chained to the headless tor proxy machine. When I need to do web 2.0, I use tor browser proxied through the tor router proxy machine.

I have found that this is a significant improvement in anonymity.

>1538
The ISP will know that you're using Tor. If you jump on the first hop to a distant country and bounce around 12 times in adjacent or distant countries, it's less likely that your host country (the one that you're trying to evade) will have infrastructure in all 12 of those locations to perform robust analysis. If your circuit switches every 30-60 seconds, then the statistics for the cross-correlation will get scrambled because the time delays will keep changing every 30 seconds.

In general just watching is safer than actively posting.

The people who try to get you to keep it stock but then don't give logical reasons why this is better (appealing to authority etc) are not looking out for you. They have an automated system to deanonymize Tor, and it works best with stock Tor browser with 3 hops. It's been used against me. Since I've switched to long chain hops, I've had less problems.

If you want to download stuff 7-9 is the boundary. If you're just sending messages back and forth, 12-15 hops should be sufficient. Your first hop should be very far away, out of your jurisdiction, and subsequent hops should traverse as many countries as possible. That's my advice. I've found this strategy helpful.


Anonymous 06/27/2020 (Sat) 09:02:26 [Preview] No.1540 del
To post on here with links -g, you need to set the cache to 0,
ESC -> SETUP -> Cache

set all the values to zero, and uncheck aggressive cache. Then you can get the captcha updates by refreshing with CNTRL +r .

My setup:
Tor Browser on Xorg (twm) -> headless server port 9050 as socks proxy -> Tor ->distant country for 1st hop + 7 hops ->exit=> 3 hops as per regular

or :
Links2 -g or links in terminal
-> 9050 on headless server-> 7 hops -> endchan.

Other options:

Close all ports except port 9050 outbound, proxy to port 9050 on headless server with tor socks5 proxy -> 15 hops -> target.

experiment with adding 2-3 https or socks 5 non tor proxies at the end depending on what you're doing. If you're sending endmail to a endfix server , with 15 hops, and 1 port I think you're probably OK.

My preference for operating systems is MS DOS 5 + links -> proxy
or FreeDOS +links -> proxy.

A retail box of MS DOS 5 from 1988 has no malware or keylogging on it by default, it's a single tasking OS, you need to install a packet driver, and the browser software (links), then that's all you have to worry about. With unix/linux there's usually way too much going on.

Those are just my opinions on the matter. Try different things, and see what works for you.

I say DOS + Links + TCP/IP driver -> linux/unix server on arm or other non x86-64 system running tor with 15 hops mod. DOS will give you privacy, linux/Unix security, and Tor with Links browser anonymity. Using a physical proxy will isolate the systems. With DOS you only need to worry about 2 pieces of software spying on you (the browser and the packet driver). In linux top says there are around 200 processes working in the background. That's 198 too many.


Anonymous 06/27/2020 (Sat) 12:14:46 [Preview] No.1541 del
>>1540
brainstorming your dos suggestion. are there any worthwhile sandboxing methods like firejail maybe that bubblewrap program or running the tor daemon over fssb https://github.com/adtac/fssb be beneficial? kind of stops the logging aspect found in ~/.tor/


Anonymous 06/27/2020 (Sat) 12:19:10 [Preview] No.1542 del
>>1540
>says there are around 200 processes working in the background. That's 198 too many.
I know. Stuff like watchdog and all kinds of daemons running wild. The biggest load of crap is telling people systemd is all you got to look out for. First of all javascript but only systemd is not true. That's why I like your approach.


Endwall 06/27/2020 (Sat) 20:15:07 [Preview] No.1543 del
Use Digital Research DR DOS if you don't like Microsoft. I have retail copies of MS DOS 5.0 on 5.25" floppies from 1991, and MS DOS 6.22 on 3.5" floppies retail from 1994. NSA\CIA\FBI etc don't have a time machine and can't time travel and insert malware into the base system retroactively.

DOS is a Single Tasking 16 bit Operating System programmed in x86 assembly; only 1 process on the top of the stack at a time. No keyloggers, runs in 384 KB of memory.

You'll have to audit 2-3 pieces of software ( a driver for a 3com or Intel NIC, and links 2 browser ) and compile using Borland Turbo C, or get a GCC compiler for DOS.
www.delorie.com/djgpp

Get a 486, or 386 with 16MB RAM install DR DOS or MS DOS, a NIC, a packet driver and the binary for Links, or compile it your self, set it to route through port 9050 on your tor router (running on Linux/UNIX). With that you'll be free to post whatever you want, nobody will know what you're doing on your computer, and if tor (or whatever comes next) works properly, then you'll be anonymous.

Free to read what you want from the internet, and post what you want to the internet.

>But but it's not FREE software,
> It's not GNU.
Precisely, I don't get copyright (legal) freedom, but I get actual (physical) freedom in the real world.
> But you could download an exploit; your system isn't secure.

Don't download and run anything from the internet on the DOS computer if you want it to remain with integrity. Just text reading and posting. Use it as a communications tool. Build a different computer for DOS gaming or use DOS Box on Linux/UNIX.

Start with Free-DOS or MS DOS on a Pentium 3, get it working, then down grade your system until you're satisfied. This is as far as a normal person should go and will achieve the desired effect.
Edited last time by Endwall on 07/04/2020 (Sat) 23:37:49.


Endwall 06/28/2020 (Sun) 06:06:55 [Preview] No.1546 del
The ultimate step is to build an 8-bit computer with a soldering iron (RC2014), launch a browser in a community audited version of CP/M, connect by socks 5 proxy to a unix computer running tor with 12-15 hops, and use a text browser for the web and an irc client in text mode. Proxy out to Tor or I2P or whatever the next super duper anonymity router is. In the meantime do this with DOS. This won't be a solution for the everyman or for the newbie, but it will be a solution for the serious thinking man.


Endwall 06/28/2020 (Sun) 06:16:36 [Preview] No.1547 del
>>1541
Anything you can do to isolate the tor daemon from the system or its running processes will help. I'm running it as a user with a custom torrc. If you can first run firejail or bubble wrap, or chroot it and get the tor daemon to still function it might help. I consider the linux/unix environment potentially hostile to the user and a potential source of packet inspection. Basically linux can be used to keylog the users and destroy the anonymity factor in real time or in post analysis. If there is key logging with an output beacon on your machine, you don't have privacy, and Tor Browser isn't going to help you with anonymity. If there is malware that can mess with the tor daemon as it's running, then it might be wise to try to isolate the process, so yeah probably a good idea. I'll try running it with firejail, it probably won't work. If you get a setup like that and find it beneficial, please post the steps and instructions here. Thanks.


