Author

Topic: And now the 1 mln dollar question (Read 421 times)

brand new
Activity: 0
Merit: 0
August 31, 2018, 10:59:15 AM
#14
I have been learning a lot lately about security practices and just seen (let's call them idiots) who claim they are successfully running TOR in Windows 10 (don't try this at home) and inside a VM like Virtualbox.

Are they truly idiots or I am the one missing something here because as far as I know the keystrokes you hit in the VM can be read by Windows host OS?

Naturally TOR is not a guarantor of security on the Internet. What you explore on the Internet through VPN and other shadow services will be able to provide you with any student with minimal skills in programming. Of course it's not safe!
brand new
Activity: 0
Merit: 0
September 04, 2018, 09:41:28 AM
#14
Tor is usefull but you must use it correctly or it becomes a security issue.  Best practice is to run your own VPN servers use chains like proxychains to link your networt routing via multi layer say - Host>VPN>VM>Socks5>VM>VPN>TOR>NET 











Krogerfeedback
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
August 31, 2018, 05:54:22 AM
#13
Are they truly idiots or I am the one missing something here because as far as I know the keystrokes you hit in the VM can be read by Windows host OS?

Imho there are number of things you may be missing:
1. There are a lot of smartasses that think that if they use TOR they are safe no matter what. Computer science is not for everybody, you know.
2. There are a lot of people that use TOR because they think they have something to hide, but they don't, so nothing bad happens.
3. I agree that MS and Oracle (and Google or Facebook too and so on) are getting a tremendous amount of personal info. Imho the "problem" is that with so big amounts of you have to seriously bad things - or behave seriously different than the herd - to catch their eye. Else your leaked data will probably get lost in the mountains of other things (unless you are directly targeted, but that means you did something seriously bad).

Maybe I am too relaxed in this matter, but those "idiots" have a good chance to be just fine.
legendary
Activity: 1624
Merit: 2481
August 29, 2018, 03:37:24 AM
#12
What are the problems related to using Your in windows?
I don't use tor, but I find this privacy subject very interesting.

Using windows as a privacy orientated user is generally quite a big problem.
The leakage of information is tremendous.

But only switching the OS won't protect you that much. The user habits have to be changed. And the proper OS can help you with that.



I thought you would be anonymous using tor browser no matter what os.

Tor is not anonymous by default.
There are a lot of tracing techniques (which are being applied by law enforcement agencies).

It is not impossible to stay anonymous. But it takes more than simply just using tor.
newbie
Activity: 20
Merit: 0
August 28, 2018, 02:05:05 AM
#11
Thanks for your explanation. How about using TAIL & Bridge with your network:
Host > VPN > VM > TAIL > Bridge > TOR > NET

Is there any suggestion? Thanks
hero member
Activity: 1220
Merit: 612
OGRaccoon
August 26, 2018, 07:04:55 AM
#10
You can use VPN's create your own proxys or even run your own relay.
Further you can use VM inside VM and sandbox them if you are really paranoid.

Tor is usefull but you must use it correctly or it becomes a security issue.  Best practice is to run your own VPN servers use chains like proxychains to link your networt routing via multi layer say - Host>VPN>VM>Socks5>VM>VPN>TOR>NET  

Is also best to harden your systems with firewalls and IP tables.
Do not forget to custom your torrc file.

If you are looking to blockexit nodes in country's where they may be "bad exits" you can add lines to the config to block specific country exit nodes like so.

    EntryNodes {ca} StrictNodes1
    ExitNodes {ug} StrictNodes1

Or to chain them you can use
ExitNodes {ug},{us},{fr} StrictNodes 1
EntryNodes {ch},{jp},{nl} StrictNodes 1


Very impressive set of measures.

Sorry I'm somewhat short of sendable merits and couldn't afford more  Wink

Generally speaking, I think both security and privacy threats are context sensitive and relative with a linear behavior while our security measures stackup  rather exponentially, security wins.

I don't believe in cat & mouse analogies in this subject, I think no breach happens ever if you are aware of the incentives and committed to your policies.

Thanks for the merit!

This is just one chain structure than can be use you can cut them down to a more simplified versions

Host>VPN>VM>TOR the use things like mac spoofing and user agent modification to hide your browser and mac addressing.

or for mobile use look to setup your own VPn with raspberry PI called Onion PI.

https://learn.adafruit.com/onion-pi/overview


member
Activity: 742
Merit: 16
August 26, 2018, 03:35:47 AM
#9
Tor is not very good with privacy as people think it is,infact just stay away from it,I heard the browser is better though but either way I'm off better without any .
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
August 26, 2018, 02:26:58 AM
#8
You can use VPN's create your own proxys or even run your own relay.
Further you can use VM inside VM and sandbox them if you are really paranoid.

Tor is usefull but you must use it correctly or it becomes a security issue.  Best practice is to run your own VPN servers use chains like proxychains to link your networt routing via multi layer say - Host>VPN>VM>Socks5>VM>VPN>TOR>NET 

Is also best to harden your systems with firewalls and IP tables.
Do not forget to custom your torrc file.

If you are looking to blockexit nodes in country's where they may be "bad exits" you can add lines to the config to block specific country exit nodes like so.

    EntryNodes {ca} StrictNodes1
    ExitNodes {ug} StrictNodes1

Or to chain them you can use
ExitNodes {ug},{us},{fr} StrictNodes 1
EntryNodes {ch},{jp},{nl} StrictNodes 1


Very impressive set of measures.

Sorry I'm somewhat short of sendable merits and couldn't afford more  Wink

Generally speaking, I think both security and privacy threats are context sensitive and relative with a linear behavior while our security measures stackup  rather exponentially, security wins.

I don't believe in cat & mouse analogies in this subject, I think no breach happens ever if you are aware of the incentives and committed to your policies.
hero member
Activity: 1220
Merit: 612
OGRaccoon
August 25, 2018, 07:34:44 AM
#7
You can use VPN's create your own proxys or even run your own relay.
Further you can use VM inside VM and sandbox them if you are really paranoid.

Tor is usefull but you must use it correctly or it becomes a security issue.  Best practice is to run your own VPN servers use chains like proxychains to link your networt routing via multi layer say - Host>VPN>VM>Socks5>VM>VPN>TOR>NET 

Is also best to harden your systems with firewalls and IP tables.
Do not forget to custom your torrc file.

If you are looking to blockexit nodes in country's where they may be "bad exits" you can add lines to the config to block specific country exit nodes like so.

    EntryNodes {ca} StrictNodes1
    ExitNodes {ug} StrictNodes1

Or to chain them you can use
ExitNodes {ug},{us},{fr} StrictNodes 1
EntryNodes {ch},{jp},{nl} StrictNodes 1

legendary
Activity: 2352
Merit: 6089
bitcoindata.science
August 25, 2018, 06:54:49 AM
#6
Well, running tor (you mean accessing the internet via the tor browser ?) is definitely possible on windows.
Whether it is the best decision to do so is a different question.


Hello bob.

What are the problems related to using Your in windows?
I don't use tor, but I find this privacy subject very interesting.

I thought you would be anonymous using tor browser no matter what os.
legendary
Activity: 1624
Merit: 2481
August 24, 2018, 01:47:10 PM
#5
What if I am 101% sure my host OS is not compromised and I have turn off all the features that can infect my host OS

If you'd be 101% sure and your system (theoretically) can't get infected (which is never the case), what would you be then afraid of ?
If your host OS is completely clean, what (confidential) keystrokes should be then read by the host in order to weaken your privacy/security? I might be missing your point.



is in this case a different story if I am using a Lubuntu OS for example inside the virtualbox program?

Generally, a windows system is more prone to malware.
This does not automatically mean that other OS are safe, but most malware is simply written for windows since it has the biggest user base.

So, 'in the wild', you are definitely better going with some linux. But regarding a targeted attack, it doesn't matter which OS you are running (regarding security, not privacy).



Virtualbox is made from Oracle which is quite known for leakages during their history so Virtualbox may not be safe at all ?

Virtualbox definitely had some major bugs which allowed malicious software to escape the virtualization, but you can never know if another software doesn't also have a bug (which hasn't been found yet).
I wouldn't call any virtualization software better than another. But this also may be due to the fact that i am not very familiar with VM's.



Anonymity and security are always together, you can't be anonymous if you are not really secure.

Security (in terms of information security) focuses on the C.I.A. paradigm (Confidentiality, Integrity, Availability).

And in fact you can use the web anonymous WITHOUT relying on security mechanisms (e.g. encryption (confidentiality + integrity), authentication (integrity), etc.. ).
copper member
Activity: 1442
Merit: 529
August 24, 2018, 01:19:26 PM
#4
Well, running tor (you mean accessing the internet via the tor browser ?) is definitely possible on windows.
Whether it is the best decision to do so is a different question..



I have been learning a lot lately about security practices

About security or anonymity? Those two differ quite heavily.



as far as I know the keystrokes you hit in the VM can be read by Windows host OS?

Yes.
If a host system is compromised, the VM should ALWAYS be considered as compromised too.
The host OS sits in between the VM and your hardware.


I like this conversation so let's continue.
What if I am 101% sure my host OS is not compromised and I have turn off all the features that can infect my host OS, is in this case a different story if I am using a Lubuntu OS for example inside the virtualbox program? Virtualbox is made from Oracle which is quite known for leakages during their history so Virtualbox may not be safe at all ?
Anonymity and security are always together, you can't be anonymous if you are not really secure.
jr. member
Activity: 234
Merit: 1
August 24, 2018, 01:16:38 PM
#3
i don't recommend TOR as a measure for security many similar services are out on internet genius and not compromised
legendary
Activity: 1624
Merit: 2481
August 24, 2018, 01:13:46 PM
#2
Well, running tor (you mean accessing the internet via the tor browser ?) is definitely possible on windows.
Whether it is the best decision to do so is a different question..



I have been learning a lot lately about security practices

About security or anonymity? Those two differ quite heavily.



as far as I know the keystrokes you hit in the VM can be read by Windows host OS?

Yes.
If a host system is compromised, the VM should ALWAYS be considered as compromised too.
The host OS sits in between the VM and your hardware.
copper member
Activity: 1442
Merit: 529
August 24, 2018, 01:07:43 PM
#1
I have been learning a lot lately about security practices and just seen (let's call them idiots) who claim they are successfully running TOR in Windows 10 (don't try this at home) and inside a VM like Virtualbox.

Are they truly idiots or I am the one missing something here because as far as I know the keystrokes you hit in the VM can be read by Windows host OS?
Jump to: