You are viewing a single comment's thread.

view the rest of the comments →

0
0

[–] 16203737? ago 

Your Computer

To date, the NSA's and FBI's primary attacks on Tor users have been MITM attacks (NSA) and hidden service web server compromises (FBI) which either sent tracking data to the Tor user's computer, compromised it, or both. Thus you need a reasonably secure system from which you can use Tor and reduce your risk of being tracked or compromised.

  1. Don't use Windows. Just don't. This also means don't use the Tor Browser Bundle on Windows. Vulnerabilities in the software in Tor browser button figure prominently in both the NSA slides and FBI's recent takedown of Freedom Hosting.

  2. If you can't construct your own workstation capable of running Linux and carefully configured to run the latest available versions of Tor, a proxy such as Privoxy, and a web browser (with all outgoing clearnet access firewalled), consider using Tails or Whonix instead, where most of this work is done for you. It's absolutely critical that outgoing access be firewalled so that third party applications cannot accidentally leak data about your location.

  3. If you are using persistent storage of any kind, ensure that it is encrypted. Current versions of LUKS are reasonably safe, and major Linux distributions will offer to set it up for you during their installation. TrueCrypt might be safe, though it's not nearly as well integrated into the OS. BitLocker might be safe as well, though you still shouldn't be running Windows. Even if you are in a country where rubber hosing is legal, such as the UK, encrypting your data protects you from a variety of other threats.

  4. Remember that your computer must be kept up to date. Whether you use Tails or build your own workstation from scratch or with Whonix, update frequently to ensure you are protected from the latest security vulnerabilities. Ideally you should update each time you begin a session, or at least daily. Tails will notify you at startup if an update is available.

  5. Be very reluctant to compromise on JavaScript, Flash and Java. Disable them all by default. If a site requires any of these, visit somewhere else. Enable scripting only as a last resort, only temporarily, and only to the minimum extent necessary to gain functionality of a web site that you have no alternative for.

  6. Viciously drop cookies and local data that sites send you. Neither the Tor browser button nor Tails do this well enough for my tastes; consider using an addon such as Self-Destructing Cookies to keep your cookies to a minimum. Of zero.

  7. Your workstation must be a laptop; it must be portable enough to be carried with you and quickly disposed of or destroyed.

  8. Don't use Google to search the Internet. A good alternative is Startpage; this is the default search engine for Tor browser button, Tails, and Whonix. Another is DuckDuckGo which also has a hidden service. Plus it won't call you malicious or ask you to fill out CAPTCHAs.

0
0

[–] 16204309? ago 

consider using an addon

Don't use addons for tor browser. Tor browser is supposed to be the same for everyone to prevent fingerprinting. Websites can see the addons you're using, so if you're the only person using a specific addon, you can be tracked.

0
0

[–] 16204207? ago 

If you want to go ultra-paranoia which is understandable in this day and age, there is now a fully open source computer(including CPU) for around 2k usd. Some distros of linux support it and there is currently an effort to port tails over. Literally no way to exploit vunerabilities if it's a powerpc comp running tails.

https://raptorcs.com/content/TLSDS3/intro.html

Link if interested

0
0

[–] 16204213? ago 

Very interesting anon.

The Talos™ II mainboard is the first modern (post-2013), owner-controllable, workstation- and enterprise-class mainboard. Built around the brand-new IBM POWER9 processor, and leveraging Linux and OpenPOWER™ technology, Talos™ II allows you to secure your data without sacrificing performance. Designed with a fully owner-controlled CPU domain, you can audit and modify any portion of the open source firmware on the Talos™ II mainboard, all the way down to the CPU microcode. This is an unprecedented level of access for any modern workstation- or enterprise-class machine, and one that is increasingly needed to assure safety and compliance with new regulations, such as the EU's GDPR.

An owner-controlled, CPU-based secure boot mode also is available at any time. When secure boot is properly configured, and if the mainboard is located in a physically secure environment (e.g., a datacenter or locked workstation case), you can be assured that only your pre-approved and pre-audited firmware, kernel, and user space components are executing on a Talos™ II system.

To get you started as quickly as possible, the Special Developer System comes pre-loaded with a Debian Buster ppc64el installation. Default login credentials are root/root and should be changed after receiving the machine. This default installation can be wiped and an OS of your choice installed if desired.

We really need more market saturation of this kind of stuff. Praise the king of digits for this worthy get.