API tools faq
paste
Advertisement
DeadKyubey

Tor (Revised)

DeadKyubey
Sep 8th, 2014
2,898
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.76 KB | None | 0 0
raw download clone embed print report
  1. PLEASE READ THOROUGHLY FOR THE BEST DEEP WEB EXPERIENCE AND INFORMATION
  2. Questions? Concerns? Need someone to talk to about your suicidal thoughts?
  3. IRC.RIZON.NET
  4. >> /join #swiffarchive
  5. >> /join #lolichanIRC
  6. PM DeadKyubey or An1mu
  7. ---
  8.  
  9. There are rumors that the NSA has compromised Tor. Based on the Snowden leaks, Tor itself has not been compromised; rather, the NSA has used other methods to compromise Tor users. One of their tactics is to make people stop using Tor entirely. While it is true that nothing you do online is perfectly safe or anonymous, Tor is a fuck of a lot better than nothing, and if you're not an idiot and do everything right, chances are very low that you'll be identified by the NSA or any other adversary. But there's more to security than just using Tor. Don't use Windows or you're just begging to be keylogged and screenlogged. And make sure to set up Tor right, and to use it right.
  10.  
  11. Use the most recent version of the Tor Browser bundle (available at https://www.torproject.org/). Some old versions have a vulnerability. And if you try to set up Tor yourself instead of getting the bundle, you'll probably do something wrong. Just use the browser bundle.
  12.  
  13. -Enable NoScript (if you don't, you deserve to be v&, you fucking moron)
  14. -In NoScript's settings, disable all embeddings (@font-face, iframes, etc)
  15. -In Firefox settings under Privacy, use custom settings for history. The default option 'Never remember history' allows cookies. Make exceptions for sites you really need cookies for, and remove the exception after you're done with it.
  16. -In Firefox Privacy settings, do NOT 'tell websites I do not wish to be tracked', as this only sends a header that most sites will ignore anyway, and the header can be used to identify you.
  17. -In Firefox Security settings. do NOT block reported attack sites or block reported web forgeries, as they share your web traffic in order to work
  18.  
  19. ----
  20.  
  21. -In the URL bar type about:config and change these (IMPORTANT: note that some of these settings might already be at the recommended setting by default; make sure you are changing it TO the recommend setting, not away from; for example, if geo.enabled is already set to false, just leave it):
  22. network.http.use-cache false
  23. browser.fixup.alternate.enabled false
  24. dom.storage.enabled false
  25. dom.storage.default_quota 0
  26. gfx.downloadable_fonts.enabled false
  27. network.http.sendRefererHeader 0
  28. network.http.sendSecureXSiteReferrer false
  29. geo.enabled false (it should already be set to this, just make sure)
  30. geo.wifi.uri (in Windows, type 'localhost', in Linux, leave it blank)
  31.  
  32. There might be other settings in about:config that are worth changing, but do not change something just because someone tells you to -- they could be tricking you into compromising your security. Instead, do a web search for whatever setting they tell you to change (i.e. 'dom.storage.enabled' or 'geo.enabled') and read what it actually does.
  33.  
  34. Optionally: Disable OCSP validation. It communicates with clearnet servers. Edit->Preferences->Advanced->Encryption->Validation
  35. (might be under Edit->Preferences->Advanced->Certificates->Validation instead)
  36. This will only accomplish anything if you're only using Tor for the deepweb in your current Tor session. I heard that this would allow adversaries to switch your CA certs, I'm not familiar with this so I don't know if there is any risk to this.
  37.  
  38. If using Linux, do NOT run ./start-tor-browser --debug
  39. The --debug option logs every hostname their Tor connects to.
  40.  
  41. ---
  42.  
  43. Don't login to your account on any site, or go to any site that could be linked to you, in the same session as things you want to keep more private. Same goes for ussing different pseudonyms you do not want affiliated with each other. You can tell Tor to switch your identity, but you're better off exiting Tor and Vidalia entirely then restarting them.
  44.  
  45. Avoid downloading files if possible. If you must, only open them when you are not connected to the Internet. Some files can trick your computer into revealing your identity when opened.**
  46.  
  47. **PDF files fall under this category, folks.
  48.  
  49. If you want to be as secure as possible, use a VPN (make sure it's a VPN that doesn't keep records and destroys data securely) in addition to Tor. Use TAILS (https://tails.boum.org/). TAILS is a very secure Linux-based operating system. For local storage of files, use TrueCrypt (www.truecrypt.org)**. For secure communications, use GPG-encrypted emails. However, even with TAILS, Tor, and all of the other precautions you can think of, you're not perfectly safe. And if you're an idiot (i.e. use your real name or sign into an account associated with your real identity) you've just made all of the precautions you took pointless. Be smart and chances are they won't find you.
  50.  
  51. **Anon has stated that truecrypt is no longer safe
  52. "The maintainers have said it's not safe and not to use it, use bitlocker instead."
  53. This may or may not be true, as bitlocker is microsoft software and some believe it to be backdoored.
  54.  
  55. And remember, the more people that use Tor, the safer it is. If only 20 people use Tor, the NSA will be able to track them all. If millions of people use Tor, the NSA won't be able to track any of them. So spread this, get your friends to use Tor, crosspost this. The NSA is trying to get people to stop using Tor. According to The Guardian regarding the Snowden leaks, 'A third [method of compromising Tor users] attempts to degrade or disrupt the Tor service, forcing users to abandon the anonymity protection.' We need to counter that by getting as many people as possible to use Tor.
  56.  
  57. ---
  58.  
  59. Noobassfaggots
  60.  
  61. When using Tor, you can make your browsing experience safer...**
  62.  
  63. **Alot of these we went over earlier, but this was a separate post made later on,
  64. Review if you feel you need to.
  65.  
  66. -Enable NoScript
  67. -In NoScript's settings, disable @font-face, and change other settings (for NoScript and other add-ons) that look like they should be changed
  68. -Change Firefox's settings (anything that should be changed)
  69. -In Firefox settings, use custom settings for history. 'Never Remember History' allows cookies. Make exceptions for sites you really need cookies for, and remove the exception after you're done with it.
  70. -In Firefox settings, do NOT 'tell websites I do not wish to be tracked', as this only sends a header that most sites will ignore anyway, and the header can be used to identify you.
  71.  
  72. -In the URL bar type about:config and change these:
  73. network.http.use-cache false
  74. browser.fixup.alternate.enable false
  75. dom.storage.enabled false
  76. dom.storage.default_quota 0
  77. gfx.downloadable_fonts.enabled false
  78. network.http.sendReferrerHeader 0
  79. network.http.sendSecureXSiteReferrer false
  80. browser.download.manager.addToRecentDocs false
  81. geo.enabled false
  82. geo.wifi.uri leave blank
  83. browser.geolocation.warning.infoURL leave blank
  84.  
  85. use http://ip-check.info to do some basic checks
  86. Optionally: Disable OCSP validation. It communicates with clearnet servers. Edit->Preferences->Advanced->Encryption->Validation
  87. (might be under Edit->Preferences->Advanced->Cerficates->Validation Instead)
  88.  
  89. ---
  90.  
  91. NSA or FBI never had to worry about funding, as do many other agencies around the world.
  92.  
  93. FBI probably will crack a small part of tor, and tor probably will find a way to keep them out in the next attack. That is just what happens all the time. The crack usually means they make people unable to use it. That is what mostly happens in countries that do want to fully block tor, they try and find something unique about tor (and tor has a few of those) and then they block it that way. Tor, in almost all cases of law enforcement is not the weakest link, and even if you have unlimited budget, you usually have limited time, so you always attack the weakest link. In almost all criminal cases involving tor, that link is people being idiots.
  94.  
  95. You really, really are going the wrong way with trying to stop "stupid" people from going on tor. The more stupid people, the better. The more attention, the better. There is a reason tor is opensource and tries to get as many researchers as possible, its because attention does not hurt. More people do not hurt. You may wish to believe it does, it sounds kind of logical that if more people use it, more force will be put behind attacking it, but the proof of that does not exist. Although almost all snowden reveals were of older tor versions, even then the leaks pointed to tor not being broken. As do almost all arrests that have anything to do with tor. We all want the world to be with a little less idiot, but they aren't a problem for tor. Accept them, embrace them. If your security relies on you not being found, you get fucked. Just think about the ones you believe would break tor, do you really, really think there is no way they would know about tor if tor wasn't used more often? Tors model does not rely, in any way, on obscurity, quite the opposite. Adding it to tor does not provide any added benefits.
  96.  
  97. ---
  98.  
  99.  
  100. I should add that in Firefox's settings, when you select 'Use custom settings for history', MAKE SURE 'ACCEPT COOKIES FROM SITES' IS *NOT* CHECKED. It should be obvious, but in case you're retarded...
  101.  
  102. ----
  103.  
  104.  
  105. Download the latest version of the Tor Bundle at https://www.torproject.org
  106.  
  107. After you download and install Tor, click the NoScript button and click "block scripts globally". Then, go into about:config, search for network.http.sendRefererHeader and change it to 0. After that, search for javascript.enabled and change it to false.
  108.  
  109. After everything is finished, you're free to browse the deep web and not have to worry at all!
  110.  
  111. After tips:
  112. •Don't use the same username twice
  113. •Don't post personal information
  114. •Don't sign into personally identifying sites
  115.  
  116. ---
  117. links:**
  118. **No links. It is better that way, this is a guide.
  119.  
  120. Compiled by DeadKyubey
  121. You're welcome faggots
  122. https://twitter.com/Zayaeno
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!