0
0

[–] 16203908? ago 

On my laptop TOR operates through a Mozilla Firefox browser. But the latter recently took an enormous $$$ financial contribution from none other than George Soros. In exchange for the bribe Mozilla has agreed to help Soros meddle in what Firefox users can access online.

Does Firefox being compromised mean that TOR is therefore also compromised?

I realize that the use of Firefox I'm talking about here involves the use of Windows, and OP admonishes strongly against Windows. But many of us are not able to buy a new device and learn to use Linux immediately.

0
0

[–] 16203910? ago 

No. Firefox is also secure and the OSF donation was nothing more than a generic 'push diversity and inclusion campaigns' more donation. Mozilla does not send data to third parties and besides that it is open source, which means the people behind TOR browser can modify it in any way they wish.

Firefox and Windows aren't related as it runs on Linux and basically everything else too.

0
0

[–] 16204088? ago 

Diversity will drag down the team. Some will leave and make other stuff great, but our only universal and open front end will suffer.

0
0

[–] 16204294? ago 

Mozilla does not send data to third parties

You're a fool. Firefox connects to a whole handful of IPs on startup and during use, including (((Amazon))), (((Akamai))) and (((Google)).

https://spyware.neocities.org/guides/firefox.html

Reminder that if you're not using uMatrix, you have ZERO security.

0
0

[–] 16203911? ago 

Well the press release and news at the time said that Mozilla was committed to helping Soros & friends to censor "fake news" (and we all know what that means).

See the graphic with my post above that shows the SERPs.

But thanks a lot for the quite informative answer. I learned something new today, & feel better about Mozilla.. I know almost nothing about IT, and was completely unaware that Mozilla is open source.

BUMP

0
0

[–] 16203924? ago 

But many of us are not able to buy a new device and learn to use Linux immediately

You've seriously never heard of dual-booting?

There is also the option of booting from an external drive or CD.

0
0

[–] 16204150? ago 

BOGanon here I almost got seth riched yesterday… Heres a quick rundown.

https://steemit.com/@cfs.leaks

0
0

[–] 16203740? ago 

Hidden Services

These are big in the news lately, with the recent takedown of at least two high-profile hidden services, Silk Road and Freedom Hosting. The bad news is, hidden services are much weaker than they could or should be. The good news is, the NSA doesn't seem to have done much with them (though the NSA slides mention a GCHQ program named ONIONBREATH which focuses on hidden services, nothing else is yet known about it).

In addition, since hidden services must often run under someone else's physical control, they are vulnerable to being compromised via that other party. Thus it's even more important to protect the anonymity of the service, as once it is compromised in this manner, it's pretty much game over.

The advice given above is sufficient if you are merely visiting a hidden service. If you need to run a hidden service, do all of the above, and in addition do the following. Note that these tasks require an experienced system administrator; performing them without the relevant experience will be difficult or impossible.

  1. Do not run a hidden service in a virtual machine unless you also control the physical host. Designs in which Tor and a service run in firewalled virtual machines on a firewalled physical host are OK, provided it is the physical host which you are in control of, and you are not merely leasing cloud space.

  2. A better design for a Tor hidden service consists of two physical hosts, leased from two different providers though they may be in the same datacenter. On the first physical host, a single virtual machine runs with Tor. Both the host and VM are firewalled to prevent outgoing traffic other than Tor traffic and traffic to the second physical host. The second physical host will then contain a VM with the actual hidden service. Again, these will be firewalled in both directions. The connection between them should be secured with IPSec, OpenVPN, etc. If it is suspected that the host running Tor may be compromised, the service on the second server may be immediately moved (by copying the virtual machine image) and both servers decommissioned. Both of these designs can be implemented fairly easily with Whonix.

  3. Hosts leased from third parties are convenient but especially vulnerable to attacks where the service provider takes a copy of the hard drives. If the server is virtual, or it is physical but uses RAID storage, this can be done without taking the server offline. Again, do not lease cloud space, and carefully monitor the hardware of the physical host. If the RAIDarray shows as degraded, or if the server is inexplicably down for more than a few moments, the server should be considered compromised, since there is no way to distinguish between a simple hardware failure and a compromise of this nature.

  4. Ensure that your hosting provider offers 24x7 access to a remote console (in the hosting industry this is often called a KVM though it's usually implemented via IPMI which can also install the operating system. Use temporary passwords/passphrases during the installation, and change them all after you have Torup and running (see below). The remote console also allows you to run a fully encrypted physical host, reducing the risk of data loss through physical compromise; however, in this case the passphrase must be changed every time the system is booted (even this does not mitigate all possible attacks, but it does buy you time).

  5. Your initial setup of the hosts which will run the service must be over clearnet, albeit via SSH; however, to reiterate, they must not be done from home or from a location you have ever visited before. As we have seen, it is not sufficient to simply use a VPN. This may cause you issues with actually signing up for the service due to fraud protection that such providers may use. How to deal with this is outside the scope of this answer, though.

  6. Once you have Tor up and running, never connect to any of the servers or virtual machines via clearnet again. Configure hidden services which connect via SSH to each host and each of the virtual machines, and always use them. If you must connect via clearnet to resolve a problem, again, do so from a location you will never visit again.

  7. Hidden services must be moved regularly, even if compromise is not suspected. A 2013 paper described an attack which can locate a hidden service in just a few months for around $10,000 in cloud compute charges, which is well within the budget of even some individuals. It is safer, though not at all convenient, to move the hidden service at least monthly. Ideally it should be moved as frequently as possible, though this quickly veers into the impractical. Note that it will take approximately an hour for the Tor network to recognize the new location of a moved hidden service.

0
0

[–] 16204069? ago 

Thanks for this thread, OP. I have it saved for personal reference.

0
0

[–] 16203742? ago 

Conclusion

Anonymity is hard. Technology alone, no matter how good it is, will never be enough. It requires a clear mind and careful attention to detail, as well as real-world actions to mitigate weaknesses that cannot be addressed through technology alone. As has been so frequently mentioned, the attackers can be bumbling fools who only have sheer luck to rely on, but you only have to make one mistake to be ruined. We call them "advanced persistent threats" because, in part, they are persistent. They won't give up, and you must not.

0
0

[–] 16204040? ago 

11812940

Education is a vague term, and most people will never reach the illusionary educational standards we try to impose on them. I'll take 10 strong and fearless men over 100 limp wristed academics any day.

0
0

[–] 16204051? ago 

11812940

The solution is simple, get a Lawyer; someone who is leagues better with dealing with prosecutors and can explain the various laws without you being incriminated. This is normie-tier simplicity. You need to get real with this and learn to protect yourself better.

0
0

[–] 16203927? ago 

MUUHHH PRIVAAACCCCYYYYYY

0
0

[–] 16203796? ago 

ASSAULTS

Assaults are the armed attacks which we make to expropriate funds, liberate prisoners, capture explosives, submachine guns, and other types of weapons and ammunition. Assaults can take place in broad daylight or at night. Daytime assaults are made when the objective cannot be achieved at any other hour, such as the transport of money by banks, which is not done at night. Night assault is usually the most advantageous for the guerrilla. The ideal is for all assaults to take place at night, when conditions for a surprise attack are most favorable and the darkness facilitates escape and hides the identity of the participants. The urban guerrilla must prepare himself, nevertheless, to act under all conditions, daytime as well as night.

The must vulnerable targets for assaults are the following:

1. credit establishments 

2. commercial and industrial 

    enterprises, including plants for the 

   manufacture of weapons and 

   explosives 

3. military establishments 

4. commissaries and police stations 

5. jails 

6. government property 

7. mass communications media 

8. North American firms and properties 

9. government vehicles, including 

    military and police vehicles, trucks, 

    armored vehicles, money carriers, 

    trains, ships, and airplanes. 

The assaults on businesses use the same tactics, because in every case the buildings represent a fixed target. Assaults on buildings are planned as guerrilla operations, varied according to whether they are against banks, a commercial enterprise, industries, military bases, commissaries, prisons, radio stations, warehouses for foreign firms, etc.

The assault on vehicles—money-carriers, armored vehicles, trains, ships, airplanes—are of another nature, since they are moving targets. The nature of the operation varies according to the situation and the circumstances—that is, whether the vehicle is stationary or moving. Armored cars, including military vehicles, are not immune to mines. Roadblocks, traps, ruses, interception by other vehicles, Molotov cocktails, shooting with heavy weapons, are efficient methods of assaulting vehicles. Heavy vehicles, grounded airplaces and anchored ships can be seized and their crews and guards overcome. Airplanes in flight can be hijacked by guerrilla action or by one person. Ships and trains in motion can be assaulted or captured by guerrilla operations in order to obtain weapons and ammunition or to prevent troop movements.

load more comments ▼ (31 remaining)