I care of global anonymity and fingerprinting, as they pair with each others anyway (if i didn’t misundersting anything along the way). I’ve start to make a lab and add elements one by one while testing them. Actually i’ve just a router and my pi-hole using DNSCrypt protocol and no logs server + relays. I’m used to VM machines so it’s not my next step. I really look forward to integrate a VPN with no logs and efficient as it can be. Tor Browser seems to be a well coded browser so that’s why i was thinking of using it as browser and set it up with a VPN without using TOR network.
For me it seems like a big honey pot. Peoples asking for privacy are redirected to TOR and US Government is gathering their datas on their network. I speak with the informations i’ve collected here and there on the subject, but it always seems like it’s just a question of luck if you goes on the bad time at the wrong place.
Maybe am i wrong, i don’t have the chance to speak of it with TOR users everyday so it’s (sadly) just my own opinion.
Thank you again for your answers it’s helpful anyway.
Well, I would dare to say that’s how it is, my questions were kind of rhetoric, the ways in which fingerprint is used by these websites is not enough to de-anonymize users. Stuff like keystroke, mouse and writing patterns on the other hand, sure are enough to pinpoint certain list of subjects.
So you was on FF with ghacks standard file + privacyio recommanded settings ? That’s it ? Are you avoiding the question ? Or do i need to be more specific ? If you are not comfortable with sharing on this, just tell it to me, i can understand, i will not bother you with this
If it was rhetoric it would mean by a way or another that i should trust you on word at that time, because i didn’t read more than 2 serious studies and some papers on blogging website for this subject. I’ve references to read but it’s a lot of work so it will take time.
Oh sorry ! I was not speaking about going through Tor or exiting through Tor network by a VPN, just using Tor Browser as a browser and configuring it to use a VPN. I was not thinking about entering on Tor network. I’ve seen the video by the way, really understandable one. Thank you for the paper.
Be aware, SecBrowser is not a part of the Tor Project, it hasn’t been audited, the team behind is way smaller and therefore there’s no way to know if there are hidden vulnerabilities.
If you saw the video, and understood it correctly, you’ll see that all the people who were de-anonymized were because of their own fault. Some didn’t use a bridge, some forgot to use Tor once therefore their account was compromised, some linked their AFK identities with their illegal activities, etc.
And in this video, one of Tor project’s developer debunks a lot of myths, for example that because one state agency created Tor it shouldn’t be trusted. It is no longer maintained by that agency, it receives funding from state agencies relating to science, no by the NSA or CIA, the code is open source and it’s probably one of the most audited projects that exists, if there were some kind of backdoor everyone would know about it. https://invidio.us/watch?v=Di7qAVidy1Y
You’re just plain wrong, if you want anonymity there’s nothing that can bring you that as Tor. Again, it’s open source, it’s probably the most audited project in existance, most of the data collected by Tor is through nodes and they collect very little, in fact is one of the topics of the video above; how hard it is for them to study their project because of that.
What I mean is, just because a project is under the wing of another which is big and well known does not mean that the child project is going to be kept up to date. My example was TorBirdy -which is an add-on to ThunderBird developed by The Tor Project to traffic your e-mails through Tor-, because even though TBB is always kept up to date, some of their other projects aren’t. In fact, a lot of their secondary ones have died with the years.
This is analogous to Whonix, which is a reputable OS and the development is updated regularly, but that doesn’t mean that their browser is.
Privacy and anonymity is not just a safe browser for me. It’s a mind state, a way of living. So it’s needed to see the global picture of how things works and consider that there is not a unique solution, but a solution for each people made by their choices. Every solutions as risks. That’s what i mean and what i’m trying to learn. Global thinking about privacy and anonymity.
Even if most of the case is due to human failure, it’s not at one hundred percent. In the video you see also DNS leak stuff, correlation attacks and for that you also need to have access to relays, so three capital agency can have access to it. If we have seen the same video.
Also in your answers you seems to say there is only one way to understand and see things, i’m not comfortable with that, it’s maybe just an impression, i didn’t mean to offense you.
Then explain me why TOR is more secured and safe then multiple VPN outside the 14 eyes countries with sources (even technical ones), please.
Correlation attacks on its own are not enough a lot of the times, they can just decrease the possible zone where the target lives keeping in mind the time of their communication, and from the two correlation attacks in the video one was captured because they were using the fucking internet connection where they were bomb threatening and not using a bridge (the ISP can see you are using Tor, but not which web sites you are visiting), and the other, Dread Pirate Roberts, committed a lot of stupids mistakes which basically made obvious the fact that he was the one behind the Silk Road; when interrogated by the FBI about the fake IDs he basically told them “You can buy that on the SR, but it wasn’t me”.
You don’t need relays for a correlation attack. A correlation attack is done by packet inspecting, analyzing when the victim uses internet to see in which timezone they live, and similar practices. State agencies can run relays, so what? They can’t choose to be the three nodes used by a user, and they don’t need to do this, they literally have a backup of every major service they can steal or ask information for surveillance purposes and even themselves use Tor.
In this case it is, there are no backdoors or known exploits to de-anonymize Tor users so far, there have been in the past, but that is normal for every project and that happened when TBB was on its infancy. I am not offended, I’m just a bit tired of hearing people thinking that Tor is not to be trusted basing their opinions on FUD.
Tor is a zero trust network, unlike VPNs. You don’t need to trust every single guard, middle or exit node and be friends with them to know your information is secure. Through every hop the information is encrypted and they can’t know where you came from and where you are going, or who you are.
Tor is decentralized, unlike VPNs. Every single node run by a VPN provider is owned by them -in the best scenario-, or rented to a 3rd party; whereas on Tor, on the other hand, it’s impossible for a single entity to posses all of the relays on the network, there may be some organizations which run more than one but you will never face the same level of centralization. Also, each node does not have contact with each other, or with their users.
Tor is almost untraceable, unlike VPNs. If you ever got caught doing some sort of illegal activities, whether or not this are considered a right in other places in the world, and you were using a VPN the government has to send a sub-poena to the provider and (in the best case scenario that their no log policy is true; there’s no way to verify this, and remember, “We kill people based on metadata”) in most cases they will have to comply and give them what they got. Since Tor nodes don’t connect with each other, and don’t know where the user came from, or where did they go, and all data and metadata is encrypted, cannot provide authorities with any kind of information, and again people who run relays live in a lot of places in the world, sub-poena becomes a lot harder since there are a lot of different jurisdictions if you would be trying to catch one person.
Read this brief article about how BoingBoing handle a sub-poena by authorities asking them for data on their exit node, now imagine how bad that would have gone if the owner of the hop would have been a VPN provider.
I don’t think so, messages and calls are received by antennae so they have a way to know who you are. Silence encrypts text messages but you would need the receiver to use it too and this still isn’t foolproof, you better use a private IM.
I doubt it, your best bet is to talk with the person at mail and tell them something like “I wrote my name wrong could I still get my package?”.
I know it exist non-free solutions like virtual numbers services but i don’t know which of those can be reliable. They are many of it. At least i really would like to give fake number to internet services and others. If i can hide my number with another one it coulb be an enhancement to my privacy. What do you mean by IM ?
Maybe i could try relays from shops for that.
Should i create an other post for those questions and make this one as resolve ? Even if using TOR Browser couldn’t match for me as it’s really really to slow for me, and i need to internet to work many times and not to mention issues with paypal so…
Yes, there are online services which provide a virtual number but the uses you can give to them are a bit limited; some companies will not accept them for example if you are trying to verify with them. A good rule is that if the service you are using requires a phone number your are probably better if not using it, 2FA with text messages is really insecure and most of the times it’s just an excuse to steal your number and sell it to ad companies. By IM I meant “Instant Messengers”.
https://crypton.sh/ This is the best solution out there that I could find, if you can afford it, obviously.
Maybe, I would try to buy as many things AFK if you can, if you live in a 1st world country I’m sure you will find a good variety of products in store.
Yes, probably, although buying stuff online without leaving a trace doesn’t have a 100% foolproof solution, I’m sure some other people have already asked about this on this forum. Were you using Tor on Safest mode? Because I’ve been using it lately and TBH it works really fast in Safer mode, and my internet bandwidth is of 100mbs which I presume is not a lot.
If you are using a service that already has your real identity on it I don’t see the point on using Tor…
Sure. And for many reasons i try to buy things locally, but sometimes the price is 50% or 75% more then on internet.
Okay i will take a look before creating a new post as usual then.
For TOR in Safest yeah, since for know i don’t know the differences and the real impact on privacy for those settings.
As i’ve said before i do things step by steps.
I look forward to false ID and bitcoin to enhance my privacy but if i really want to fully understand what i do it will need some work and some questions
Maybe a paypal account with false informations can do the work for most of web retailers i think, i can still use. I can buy transcash credit cards locally or with bitcoin for example. No ?
This is unnecessary for the majority of adversary models and will make the web significantly less usable.
Move it to Safer, it will work much faster.
I say you should mark this discussion as solved and start new discussion if you have more questions, so people in the future can easily skim through this one in search of answers, and you will get more people involved and different voices.
But in brief, no, Bitcoin is not going to bring you anonymity. I would trust Monero, Zcash, Komodo or Pirate Chain, but you can’t buy as many things with them as with BTC.