How to use correctly TOR

[Carding 4 Carders]

1. Don't use your mobile phone for 2-step verification on TOR
Most websites provide 2-step verification using the mobile number that sends an OTP (One Time Password) to your mobile phone number, allowing you to log into your account securely. You should be careful when using the TOR browser to access your account.
Providing your mobile phone number to a website will only hinder your online anonymity as it will be easier for you to track you using your number. Please note that even if you use a SIM card registered under some other name, your carrier can easily track you as they also store your device's IMEI number in their database and can be used to track you.

2. Do not use user accounts outside TOR
If you use the TOR browser to check your Facebook, Twitter or email accounts, never use those accounts outside of the TOR browser as it will post your online information to the website. Nearly every site on the network now logs information such as your login and logout times, your location, your IP address, and other details. Using your account on the open Internet even once will be sufficient to register your IP address and ultimately identify you.

3. Don't post your personal information
You should embed this moment in your heart, do not post personal information like name, address, birthday, credit card number when using TOR. This will reveal your identity and there will be no point in using TOR, I hope you understand.
To hide completely, you need to be a pseudonym. So what is it? This means that you need to present yourself as a person with disparate behavior when using TOR. The new person should have different kinds of morals and hates, food choices, fantasies, etc.
To this end, create a new user account with a new email address that doesn't even reflect your real identity. You can use this email address for your social accounts and enjoy your anonymity and praise the power of TOR.
Also, don't be confused between anonymity and pseudonym.
An anonymous connection is one in which the server you want to connect to has no idea of your real IP address / location and your identity.
A pseudonymous connection is one in which the requested server has no idea of your actual IP address / location, but has an identity that it can associate with the connection.

4. Do not send unencrypted data over TOR
While you were reading the article about TOR, you came across the fact that TOR encrypts your connection, not your data, and the TOR exit nodes are vulnerable. Therefore, it is very important not to send unencrypted data over the TOR network, as someone could access your information while the data is at the last node.

5. Don't use TOR with Windows
Windows Microsoft is the most used desktop operating system in the world, but it doesn't seem to work if you want to use the TOR browser. Credits are packed due to operating system vulnerabilities and can reveal your identity even if you use TOR to access the Internet.
Linux systems will serve you well for this purpose. Linux distributions like Tails and Whonix are preconfigured with TOR. You can manually configure it on any distribution you like.

6. Remember to delete cookies and local website data
When you access a website, it sends a small file to your computer that stores a record of your browsing habits and other data so that the website can recognize you the next time you visit, this file is called a cookie. Some websites may also store data locally on your hard drive.
You must delete these cookies and local website data after every browsing session you perform on TOR. These things can allow the site to collect information about you and track your location and IP address.
Later versions of the Tor browser automatically deleted website cookies and loaded history after the session ended. As an alternative. you can click on the "New ID" option (press the bow button in front of the address bar) to keep the Tor browser open.

7. Don't use TOR for Google Search
If you want to be anonymous when using TOR, don't use Google to find your queries. While this sounds strange, this is because Google collects information such as your searches, stores cookies on your computer, and tracks your browsing habits in order to enable its advertising services.
You don't want to reveal this, do you? This way, you can use other search engines like DuckDuckGo and StartPage as they don't register your IP address or any other action. In fact, there have been instances where Google worked correctly with Tor. They may display an error message or how you can solve the captcha. This is because people who go to Google via Tor become suspicious.

8. Don't use an HTTP site in TOR
You know very well that TOR can be exploited by exploiting the vulnerabilities that exist on your exit nodes. Thus, if you access HTTP sites using TOR, chances are that someone could access your information while it is on the endpoints. The data sent to and from the HTTP site is unencrypted and can be viewed on endpoints since TOR only encrypts the connection within its network.
You can prevent such situations by using HTTPS sites. They use end-to-end encryption protocols such as SSL (Secure Socket Layer) and TLS (Transport Layer Security). This way, all your data remains safe even if it is outside the TOR network.

9. Do not connect to the same server with and without TOR at the same time
Here's one important thing to keep in mind. If you are accessing a specific remote server using TOR (anonymously), do not access the same server outside the TOR network (not anonymously), as this could reveal your actual identity. This is because in case your internet is down, both of your connections will be terminated at the same moment, and it won't be too difficult for you if someone is spying on you to connect the pieces and complete the puzzle.
Alternatively, the web server may try to match the two connections by increasing or decreasing the speed on one of your TOR or non-TOR connections to see if the speed changes on the other and therefore tracks your real IP address.

Final Words
For being anonymous on the Internet, TOR is a great option, even if federal agencies criticize it for acting like a barn for illegal activities. Let me assure you; it was not created for this purpose. You only need to take some precautions so that you don't damage the network.
Being anonymous is sometimes. Maybe because you just want to be a pseudonym for a while, or you are an activist who wants to spread some information, or you are accompanied on the Internet. TOR is for you, you only need to learn how to use it effectively and you will start to love the digital world.

(c) https://space.gerki.ws/threads/3674/

 

[Carding]

Is TOR really anonymous?​

We have all heard of the Torah and know that it is used for anonymization. It helps you hide the real ip address, dns server, and other personal information that every Internet user has. But let's find out how reliable the tor is in terms of anonymity, and what can cause deanonymization.

Packets in the tor network travel a long way from the client to the destination server, because tor adds many intermediaries. Let's see how anonymous the user is inside the tor network itself.

To get a complete picture, you need to know that the network has security nodes, intermediate nodes, and output nodes. The client communicates with the security node, which in turn transmits traffic to intermediate nodes, and only they already give everything to the output nodes that communicate with the Internet. Thanks to these routes, tracking packet owners becomes extremely difficult: each node only has information about where the data came from and where it should be sent. This means that none of the participants has information to compromise the user. The most dangerous link is the exit node. It is trusted, and even if data on all other nodes is encrypted and cannot be read by an intermediary, if the target Protocol does not provide for traffic encryption(http, ftp, telnet, etc.), the output node can stand in the middle and monitor or replace traffic. For this reason, it is not recommended to download files using tor: they can be modified by the output node.

But if you look at the structure of the network as a whole, there are no obvious threats to anonymity. Of course, if there is no personal data in the traffic.

The main threat to anonymity when using TOR sits a couple of meters away from the monitor. No matter how well tor tries to hide your data, any mistake made by the user can become a serious threat to anonymity. For example, by mistake, you can automatically enter your real e-mail somewhere. Even if you notice this error before submitting the form, the page may contain a script that checks e-mail against the site database, sending the form content to the server whenever it is changed. In this case, the anonymity of continuing to use this network configuration is already in obvious doubt.

A random link opened in a regular onion browser, lost in the browser history, and similar things can reveal the fact of using tor on the computer when examining the computer in detail for oddities, and depending on the content of the site, they will reveal a lot more interesting information.

With carelessness, everything is clear, but is there something that even vigilant users should be afraid of? - Of course there is: it is not difficult to determine the fact of using the tor on the server, but this does not mean that after that the user will be at ease: anonymity is provided by the difficulty of determining the user's unique data. But if they are detected, they can give a person away and without having to catch personal data from the user himself. Obviously, if you log in to the forum via tor, for example, but use your main account information, then tor will not be able to give you any anonymity. Even if no personal data was used in the account, the administration most likely keeps a log where it is indicated who did what and under what ip. Once your real ip address or other personal data is leaked there, anonymity comes to an end.

But in addition to the obvious signs, if not a few less obvious ones. These attributes are unique system identifiers.

Unique system IDs
A serious threat to anonymity. Unique parameters can include the system time, time zone, installed plugins, and so on. Tor as a transport for traffic, do not try to hide such data about the client. The task of hiding personalized system data lies with tor browser. It is built on the basis of Firefox and is configured in such a way as not to give out unnecessary information. How good is he at it? Well, many little things are thought out there, which makes the process of identifying a tap user a difficult task.

Difficult, but not impossible. Here are some clever user tracking techniques that will work even in tor:

CPU benchmark - running time-consuming / resource-intensive operations in the browser and measuring their execution time. Different computers have different hardware, performance settings, and so on, so the results on different machines may vary greatly.

getClientRects - use this function to find out data that depends on many browser and system settings. However, due to the unified tor browser settings, the effectiveness of this method is lower than in regular browsers.

The window size in tor browser is fixed at startup, and this is not without reason: after all, it can also serve as a flag for tracking the browser. Tor browser with a non-standard resolution stands out a lot, so it's best to always leave the standard resolution.

In addition to using technical parameters for surveillance, behavioral features may also be noted. For example, specific features in moving the cursor. Such an analysis can hardly be performed automatically, but an expert opinion can reveal this as well.

There are unique parameters, but in reality, the search process for them is complex and requires a lot of data. Ultimately, it will all depend on how hard they search for the person on the other end of the phone.

Each unique parameter individually has low accuracy in identifying the user, but in combination, high recognition rates can be achieved. Often, a detailed study makes it easy to identify all the actions of a single user, even if different accounts were used and the tor output nodes changed. The main question is whether it is difficult to link this data to a specific person: this already depends on the user's caution. I said about the main methods of personal data leakage, you just need to be careful and not give yourself away, and the tor network will hide you fairly securely.

 

[Hacker]

TOR is not anonymous, we are splitting up
Only an experienced person can understand that there are no absolute means of anonymity. All these proxies, vpns, socs, mac change... What is more important in them - real protection from disclosure or banal autosuggestion? Especially if we are talking about my mother's hunter of the forbidden, who goes to the Top via wired Internet...
And how many guides and manuals on anonymity have Telegram seen? Sadly, most of his audience doesn't even know how to count up to that much.
And in general, who is looking-he will always find. Marvel at the creator of Silk Road, who was taken under the white hands in one of the eateries in San Francisco.
You can only complicate the disclosure process as much as possible, confuse it, and delay it. This is very similar to hacking: there are no perfectly protected systems, but there are systems that will take decades to open. There is no perfect anonymity, but there is a chain of ways to stretch the detection of real data.

What we have
The main problem with Tor is that it is not protected from entering the clearnet in any way.
And yes, even such a serious development of the US military cannot resist the onslaught of special intellectuals who can also guess and start downloading something from" white " sites, turn on javascript or adobe flash player.
A team of scientists analyzed a large number of sites, and they came to the conclusion that 27% of the analyzed darknet sites can deanonymize their visitors themselves.

The NSA
Roger Dingledin, as not the last person in Tor (its designer) opened up with the NSA and said that his brainchild simply offers shelter to everyone who needs it, allows you to keep personal data intact.
In response, the NSA claims that Tor covers terrorists, foreign intelligence agencies, criminals and other creeping reptiles.

Although this is the lyrics. Listen to Snowden, he admitted that the NSA tried to open the Tor several times, and they tried successfully. It is clear that its network operates all over the world, and this train can no longer be stopped. But catching some cattle and castrating them one by one is a simple thing. Do not underestimate even the domestic authorities, not to mention the CIA or NSA. It's only at first glance that they consist of arrogant idiots a little less than completely. When pressed, their second breath, third eye, and sixth sense abruptly open.

Proxy service
Another of Thor's weaknesses. Its proxy services act as input points to the network, this is the same face control that sees your real face. But don't worry, if those who are interested in you get access to this data, you will still have a couple of minutes to make a will.
Researcher Sarah Jamie Lewis, who wrote the OnionScan service, which allows you to search for vulnerabilities in darknet resources, claims that 35% of Tor servers can be deanonymized, but the operators of these resources decided to play worse and do not even think to update.

Everything is not a panacea?
Well, why. The more paranoid you are about encryption, the more likely you are to remain anonymous. Experts recommend using HTTPS and TLS wherever possible. Tor encrypts only internal traffic passing through the nodes of the network itself, but traffic can come out of the output node in any form the browser does not control such parameters, leaving the user to decide what is preferable for him.
Tor is not an encryption tool. This application has other tasks. At the same time, experts emphasize that their words should not be taken as agitation against Tor. The biggest threat is a false sense of security.

In short, not a single Torus. Going out on the darknet with it alone is like going to a tank with a minesweeper shovel. I'm not asking you to turn on everything you can - tunnels, VPNs, I'm just asking you to turn on your head. With an adequate approach, you can do with one Torus, the main thing is to be aware of the actions performed. And remember, the darknet (like everything else in this world) is not for idiots, disabled people, and humanitarians.