Topic: How anonymous is TOR really? (Read 24516 times)

Actually, TOR helps you anonymously through many different workstations. But with genius hackers, you always leave personal information even when using TOR.

I got a way that Tor is totally anonymous, if you use tor and link it with operamini through an add-on, you will not only use the multiple IP that Tor
 can handle, if you activate the VPN option in Operamini you can have anonymity assured, and if You do some
 virtual machine, I think it will be more impossible to trace.

tor in itself is not completely anonymous but combined with other small tricks you can get good results, for example a vpn paid in crypto (monero) then firefox with tor and a public wi-fi without password, and eventually obscure the mac address of the pc /mobile phone...

It may not be totally secure, so it should be done with other add-ons, if you have VPN it is an ideal way for the IP that generates TOR to have its completion in the same cloud, that way it is much easier to have more anonymity. Also protect yourself with a virtual machine, so you will have fewer vulnerability options.

If you are truly paranoid, stick to "hidden services" (.onion addresses) and avoid the normal web (no exit nodes), use the Tor Browser from a live linux like Tails. The rest depends on your attitude, as mentioned earlier some people can't control their ego...

Tor is vital in oppressive regimes. People living nice countries only think about doing "bad" things, but under oppressive regimes a "bad thing" might mean reading an article from a "banned" media outlet or buying bitcoin. There is people who can get imprisoned years without seeing any lawyer or family only for expressing their political opposition on social media against the regime they live under.

Of course the original intention was protecting navy operatives passing Intel while remaining undetected behind enemy lines. It HAS to be anonymous enough, as there are people lives at risk here. But not everyone knows how to use it properly as that requires a strict discipline.

He is pretty good at anonymity if you know how to use it.

Did they login to FB from TOR or did they use a separate non-TOR browser for that ?

They (feds) have only ever caught people using Tor who talked to much in IRC/forums. So if you aren't telling the feds where you live and everything about yourself while you engage in freedom fighting activities then you are basically as anonymous as it gets.

Although unlikely, it could be possible for an ISP to scan looking for Tor connections. China does this, but they don't dispatch black helicopters they just shut the connection down. So if you are worried about this obviously you would want to tunnel Tor through a VPN, or use Obfsproxy to hide the Tor connection from your ISP.

It could also be possible they trap you in some sort of page full of browser exploits and then learn what your real IP is, though unlikely if java plugins are all removed and you aren't randomly going to suspicious pages people have emailed or linked you in IRC. If you are worried run it in a vm, or even better use virtual routing in openbsd to lock down the Tor daemon to local IP, chroot it, and set up your firewall to deny all outbound connections that aren't through Tor and these exploits are foiled.

Feds found out who China's l337 haxors were because they were dumb enough to log into facebook while hacking the gibson and the NSA got their cookies and found their real names. So, if these idiots are the super dangerous government hackers you are worried about sounds like they have no idea what they are doing and no chance at all tracing their own hand on a piece of paper let alone some sort of hollywood-esque backtrack through Tor hops to find you.

Pretty anonymous I would say, I recommend you don't host a tor node on your personal computer though 

Your tor server should have its own vm.

Is this solution too paranoid?

1. You connect to internet via VPN on the router
2. You run one VM (virtual machine) with linux & TOR for each web-page. So you have one VM for Bitcointalk, one VM for google and so on...
3. You delete your VMs every night and use a fresh VM for every new session so you can be 100% sure you dont have any trojans, cookies and other parasites.

But your session ID won't.

Let's just say that if Tor is not anonymous then nobody would bother to buy illegal stuff in silk road.
Once they visit the deep web/invisible web/dark net/onionland without using the Tor bundle they should expect Law Enforcers to bang at their door at any given moment. TOR is anonymous but purchasing a vpn software using your credit card will definitely tie your name to the VPN software. So don't be stupid do not purchase a vpn software using your money. Use free VPN software or better yet use only those that accept bitcoins.

What our noob friends need is a black-box solution: a cheap small wifi-router with upgradeable software where you have three modes:
-VPN mode
-TOR mode
-Default mode (just as all other routers)

As I said before I dont trust TOR fully (some endpoints of TOR is run by criminals, and some are run by NSA), but it is somehow better than revealing ones real IP.

Sadly, such complexity only shrugs off non techies as they like most stuff easy to use, very quick and easy to learn and conveniant.

If used correctly it can be pretty good, but if you use it incorrectly then there really is no point is it?

You should check tor's guides, they are pretty in-depth and will help you getting started.

Why would they spy internet if they were running the whole Tor?
It's like spying your grandma's toilet when your hot twin female cousins have their bathtub in your bedroom
Or mining Litecoins with your ASICs

This is on the frontpage of HN right now: https://www.eff.org/pages/tor-and-https

I think you might be on to something however here we are posting messages through the internet.

After the recent news of NSA spying on internet Im sure lot of the TOR network is run by the NSA itself...
The only secure way to protect ones privacy is to be really paranoid and not use internet or smartphones.

I don't understand how would anyone benefit from VPN or offshore VPS !?! Well imho noone can even know what traffic is your and what is not when you are connected to Tor (you are a node) - as there is know way to know where the the message originated. Or am I mistaken?

I like the idea of anonymous internet activity - trouble is all the baddies that use it too...

I use TOR from time to time but usually use VPNs because of security and peace of mind (but mostly just something to spend bitcoins on)

From bbc website:

If the ISP's begin to intervene, then I agree. Anonymity will be compromised. Until then however, if you used it correctly according to all the guidelines... it is anonymous.

This is a great article, however I'm not sure if this truly proves tor is completely anonymous.

The advice above is good, but also check out the links below.  Tor is great, but still has issues which one hopes will be remedied in the future to make it even better:

1. "Tor can't solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you don't want the sites you visit to see your identifying information. For example, you can use Torbutton while browsing the web to withhold some information about your computer's configuration." -- https://www.torproject.org/about/overview

2. Also read this section of an overview, then check out the links:   http://en.wikipedia.org/wiki/Tor_(anonymity_network)#Weaknesses

3. https://lists.torproject.org/pipermail/tor-dev/2012-September/003992.html

4. https://tails.boum.org/forum/Who_carries_half_of_all_Tor_traffic__63____38_operators/

5. http://www.syverson.org/tor-vulnerabilities-iccs.pdf

One longer-term issue is the centralized nature of the Tor directory servers.

http://ra.fnord.at

Actually laughed

What do you mean with 2 virtual machines?

What a hypocrisy. In same time they say it is meant for chinese and iranian dissidents as a tool to help break Chinese or Iranian law.

Of course it is common sense not to write on official homepage that the Tor is meant to enable childporn, drug trade, hacking and such communications and show middle finger to government censorfags.

There is no VPN that does not save session logs or financial data that can be used to trace you. Many hackers have fallen to this trick. Being offshore means nothing. Combining Tor + VPN is less secure than Tor alone or combining Tor + hacked WiFi in another part of city. Because VPN is more likely to closely watch the traffic (and save Tor traffic timings) compared to regular ISP (it depends from country and ISP).

Government suits monitoring darkweb is like staring at Goatse image all day long and being paid for it. They cannot do much about information in darkweb. Unless someone does something unimaginably stupid.

what about the us goverment who still tries to shut down silkroad for 2 years but cant...

Here's what I find dumb about the govt not liking Bitcoin. The average idiot will leave massive trails when hiring a hit man or buying drugs. MUCH more than cash.

Wrong the govt USES the dark web and hence never attacking it. Don't forget to use the TWO virtual machine method, disable js and plugins, check ssl certs, don't accept bad ones.

https://www.torproject.org/docs/faq-abuse.html.en
"Tor aims to provide protection for ordinary people who want to follow the law."

It's safe and secure as long as you are not doing illegal things. If you need more privacy and security,
Use VPN + TOR or
VPN (That doesn't saves logs) + TOR on a offshore VPS.

+

Don't forget Govt monitors darkweb too..

The do it with radio waves coming from black helicopters. They also disable bad node detection mechanism in Tor if the computer is not shielded with tin foil.

I welcome you to start modifying traffic going trough Your Tor exit node. Will see what happens. The conclusions from this experiment will make you feel a little bit better.

How exactly do they compromise your CA store?

Tor is as secure and anonymous as it can be. Reasons for this myth:

1. Hackers who work for government usually are total noobs and assholes. They get caught in first place before being "converted" to white hats. This fact alone speaks about their overall security proficiency.

2. Because they are such a lamers they cannot distinguish anonymity from security. They think that traffic being sniffable by exit node means "Tor is not anonymous".

3. They cannot do much about Tor being used for thing they cannot control. They spread FUD in hope that few will eat this bullshit.

Tor is not trustworthy, it is not safe to use for anything at all.

Many exit nodes are currently SSLstripped.

You are supposed to disable plugins and javascript.. Or yes facebook and google will know exactly who you are

Are you a shill for CoinGator? How would you know they're not a scam? Are you laughing right now?

Are you a hacker who works for the government?  How would you know this?  Are you laughing right now?

This guy proved it was anonymous - the only way they caught him was due to his ego...

http://www.bbc.co.uk/news/technology-22248692

For what it's worth, hackers who work for the government laugh at people who say TOR is secure and anonymous.

it is not so often - I think i read about approximately few minutes - but you can change IP manually anytime

but there are also different issues (but I am not Tor expert to explain it)

Interesting concept, but to be useful it needs to catch every unusual word, all grammatical mistakes,
basically need to understand natural language.

The other, simpler way would be: force the writer to use controlled/simplified natural language,
then apply synonyms and grammar reshuffling at random.
But AFAIK such a program doesn't exist.

If tor didn't work, the illegal sites on the darknet would have been shut down long ago. They have not been shut down (for the most part), so we know that it does work. Of course there's no silver bullet for anonymity. If you were doing something really shady, you would still need to alter your posting style and be careful which sites you access through tor in order to keep your identity properly a secret.

As Anonymous as it gets.

If you download the browser bundle it comes with Vidalia, and you can just hit "Use New Identity" so I would say pretty damn anonymous. Do you think half of the hidden services that exist on tor would be permitted to if they weren't completely anonymous? 

Have you seen this?

http://panopticlick.eff.org/index.php?action=log&js=yes

Try using Anonymouth?

Well, if you're worried about that, you're fucked anyway, unless you change your writing style deliberately.

Yes I know my IP changes regulary with TOR. The issue Im most concerned of is Big Brother identifiying you  regardless of what IP you are hiding behind, based on the traces you leave at different sites (based on your writing style and keywords or subjects in your texts).

You ever use tor, and check your ip address? It changes like every 3 seconds, and page change.

I have the impression that TOR is not completely secure to keep you anonymous if you use the same session (IP) to visit several websitess since your IP-address will be saved in those websites logs.

Another scenario is Google & other big sites sharing data about their users with each other to get a better understanding of their registered and unregistered users. Even fragments of information can match with a real identity, for example the patterns of the languange used in your google searches, your blogs, tweets, emails, forum discussions (at bitcointalk) can easily be analyzed. Google has been indexing internet for years so they have all data they need. The more sources they got, the more accure they can match different mails, tweets and forum posts with each other, even if the IPs used are completely different (with help of TOR).

One solution for cautious people is of course to use encryption in all communication and never share data at public places (never writing posts at forums like this). I guess guys like Satoshi change their language pattern in forums and mails so they can remain anonymous.