See the title. We should totally use this newly revived board to spark interest in the deep web, alternative tech, etc., just like what had happened around a year ago with archiving and DIY. At work right now but I'm gonna be downloading TOR onto this laptop and spending a bit exploring.
I wouldn't advocate for illegal activity, but just post whatever interests you or you think would be fun to visit as a board. I bet we could shake a forum or two up at the very least, eh?
4 replies and 1 files omitted.
I've used Brave and it's alright. I just use plain Tor Browser since I am more experienced with that and I can rest assured of its general security. I can't guarantee anything with Brave other than a tolerable anti-spam advertisement model and nice UI.
I recently found out that Brave just added that as a way of using .onion domains on Brave. As good as Brave is, it's not as secure as Tor. And hell, even Tor isn't so safe since there are small zero-days and issues with security if you're using specific sites regularly enough to be tracked.
I never really trusted TOR and its "untracability", but considering not everyone is a part of the bog gov't, that can be more than enough for guaranteeing an user's anonymity.
Anecdotal, sure but I spent a while wondering "How" recently.
If you think you're safe using TOR browser, posting or finding info or dissident stuff, evading some bans, having different accounts for whatever reason and not getting them linked or because your DSL comes with a static IP and now browsers and OSes are like sponges that will get you identified, hacking or anything, remain skeptic.
Elite proxies and other things like that are a thing of the past. Only good to maybe override a regional block on some shit site. For most websites you should be fine with TOR, or I believe so. But I never expected that from a site we know well, one of the admins knew how to do it. And he did it!
No name will be given but I had a chat with him, either you're bluffing, either you're skilled, and well if you let me know that, you're based.
Imagine, I make a trolling account on a /pol/ forum. Register the email adress from a proxy in Germany on a PC I just connected on the internet. My network of course, behind a NAT router blocking what should be blocked.
It's running LinuxMint 19 64bit, XFCE, all up-to-date, apt-get the TOR package and all run smoothly, last version installed, and I think it's safe, let's try this out, since my customer wanted something safe.
>Shitpost in the aforementioned horse-politics forum, and the next day, get caught. «samefag!»
With hundred of users on this place at once, it can't be a wild guess, and go through a long process of repeating the experiment, finding what leaked.
2017 already there was a secu fault since a simple file:// could identify your machine. Even with a minimal lot of scripts loaded I wonder how this could have been possible. I repeated the process checking what most can do, with nothing relevant so far.
I'm not bragging anywhere, not on IRC or Discord about that troll account or even suggested its existence, which would leak. My wildest guess would be on the metadata from uploading an avatar for my guy, that could carry a signature of some kind, but that again is unlikely.
TBH, It was worth being banned from that site for this, afteall it's just a game but gets intresting.
Of course the admin could have lied and said ( On IRC, which I jumped in immediately, to claim my purity and play the poor innocent guy)
«Just kidding, I trolled you, it was random and indeed without proof, should've lift the ban you can move on, don't pay attention keep posting!» while not telling me he knew it was me. Or
«I recognized your style and punctuation and based a wild guess and baited you to admit and it worked.»
which would be a bold assume, and doesn't ressembles the guy, but since he mentioned cash,
«I know You're this Mote guy shitposting as that antifa on crack using TOR.»
And evasively hinted that yes, he made it. He tracked my original IP or managed to identify me over TOR, noscript, but this guy knows an exploit or security fault, and of course, he's using it.
Of course it's my abuse of trust, even small - wouldn't leak anything huge without at least using a throwaway phone with a free demo sim card with a few megs of data. But I could have used a random phone, or dumpster laptop on gentoo in a public wifi, a café, supermarket's or even spoofing my location.
Because even if you jump on the neighbor's wifi, a simple peek at the whois will reveal your location, and now on a small city, that's just begging for the wild guess/intuition, You should appear really at two different locations - home, no proxy or anything weird - and your troll, far away from there. Which you can get done with Tor.
You should NOT trust something that pretends to be safe, even with SSL and noscript, and a few stuff.
So far, after rechecking everything, my wild guess would be
- I use a rather odd resolution ( 1920x1200 )
- TOR, now even maximized puts a border to reduce the workspace to a certain fake resolution, like it's a security measure that given it out, instead of suggesting a common 1920x1080 resolution.
- It does keeps the aspect ratio, a simple rule of three reveals the native resolution and hints enough on the browser to link an user to another.
- Something else.
I wouldn't trust a VPN. Just setup your own proxy or use Tor.>>888>TOR add-on.never
use any Tor addons or "tor tabs" always use...
1) Tor Browser (better because it doesn't have the same fingerprint as your main browser. also, set your security level to safer/safest in Tor Browser settings. Do not use any tripcodes, names or avatars AND always clear the meta-data from all files that you upload!)
Protip: if you use Linux, you can use https://github.com/micahflee/torbrowser-launcher
to securely download and
verify Tor Browser
2) Install plain tor and configure it manually as proxy or use torsocks (read https://wiki.archlinux.org/index.php/Tor
for more info)
3) Use Tails (safest)
There are also other anonymity networks such as I2P, GNUnet and Freenet (out of these I2P is the best, IMO)