Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 14 Dec 2018, 02:40
All times are UTC - 4
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Security/Privacy
Tor - What's it all about?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 2 [18 Posts]   Goto page: 1, 2 Next
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 1536
Location: Canada

PostPosted: Tue 07 Aug 2018, 16:15    Post subject:  Tor - What's it all about?
Subject description: a 5-part series
 

Part 1 : Achieving Anonymity with Tor
https://resources.infosecinstitute.com/tor-part-1/

Part 2 : Achieving Anonymity with Tor : Proxies and DNS servers
https://resources.infosecinstitute.com/tor-part-2/

Part 3 : Achieving Anonymity with Tor : Torbutton and Tsocks
https://resources.infosecinstitute.com/tor-part-3/

Part 4 : Achieving Anonymity with Tor : Tor Relays
https://resources.infosecinstitute.com/tor-part-4/

Part 5 : Achieving Anonymity with Tor : Tor Bridges and Hidden Services
https://resources.infosecinstitute.com/tor-part-5/

Further reading :
https://null-byte.wonderhowto.com/how-to/top-80-websites-available-tor-network-0186117/
https://blog.torproject.org/tor-heart-apt-transport-tor-and-debian-onions
https://guardianproject.info/2016/07/31/howto-get-all-your-debian-packages-via-tor-onion-services/
https://guardianproject.info/2014/10/16/reducing-metadata-leakage-from-software-updates/
https://onion.torproject.org/

apt-transport-tor
Easily install Debian packages via Tor.

Usage
Edit your /etc/apt/sources.list like so, adjusting the suite/components appropriately for your system:

deb tor+http://http.debian.net/debian unstable main
deb-src tor+http://http.debian.net/debian unstable main

Note the use of http.debian.net so that a mirror close to your exit node will be automatically chosen.

Alternatively, if you have the Tor hidden service address of a Debian mirror, you can use that:

deb tor+http://<long string>.onion/debian unstable main
deb-src tor+http://<long string>.onion/debian unstable main


Note
APT is Debiandog way of managing packages

Useful commands :
netstat -tulpn
netstat -antp
netstat -tanp | grep tor

Further reading :
https://www.bleepingcomputer.com/news/security/cloudflare-ends-captchas-for-tor-users-while-blocking-bad-actors/
https://darkwebnews.com/dark-web/darknet-as-tool-for-public-good-and-free-speech/
http://www.hackerfactor.com/blog/index.php?/archives/803-Domain-Fronting.html
TB 8.0 removes much of the web browser anonymity that the Tor community has relied upon
http://www.hackerfactor.com/blog/index.php?/archives/816-Cyber-Goats-and-Purple-Zebras.html
https://www.linuxuprising.com/2018/10/how-to-install-and-use-tor-as-proxy-in.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+LinuxUprising+%28Linux+Uprising%29
A step-by-step guide how to use Python with Tor and Privoxy
https://gist.github.com/DusanMadar/8d11026b7ce0bce6a67f7dd87b999f6b
Tor IP changing
https://dm295.blogspot.com/2016/02/tor-ip-changing-and-web-scraping.html

Last edited by labbe5 on Mon 19 Nov 2018, 10:31; edited 6 times in total
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1536
Location: Canada

PostPosted: Thu 06 Sep 2018, 17:53    Post subject: Tor Browser 8.0 with improved bridge fetching
Subject description: first stable release based on Firefox 60 ESR
 

For users where Tor is blocked, we have previously offered a handful of bridges in the browser to bypass censorship. But to receive additional bridges, you had to send an email or visit a website, which posed a set of problems. To simplify how you request bridges, we now have a new bridge configuration flow when you when you launch Tor. Now all you have to do is solve a captcha in Tor Launcher, and you’ll get a bridge IP. We hope this simplification will allow more people to bypass censorship and browse the internet freely and privately.

Source : https://newsletter.torproject.org/archive/2018-09-06-we-gave-tor-browser-ux-overhaul/

Further reading :
https://www.tecmint.com/tor-browser-for-anonymous-web-browsing/

Last edited by labbe5 on Sat 08 Dec 2018, 17:27; edited 1 time in total
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1536
Location: Canada

PostPosted: Fri 21 Sep 2018, 17:10    Post subject: Monero Wallet on Tor  

XMRWallet.com has finally bowed to pressure and decided to launch a web-based wallet for Tor users, making them the very first providers of the service.

Source : https://darkwebnews.com/cryptocurrency/monero-wallet-in-xmrwallet/
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 1316

PostPosted: Fri 21 Sep 2018, 18:57    Post subject: Re: Tor Browser 8.0 with improved bridge fetching
Subject description: first stable release based on Firefox 60 ESR
 

labbe5 wrote:
For users where Tor is blocked, we have previously offered a handful of bridges in the browser to bypass censorship. But to receive additional bridges, you had to send an email or visit a website, which posed a set of problems. To simplify how you request bridges, we now have a new bridge configuration flow when you when you launch Tor. Now all you have to do is solve a captcha in Tor Launcher, and you’ll get a bridge IP. We hope this simplification will allow more people to bypass censorship and browse the internet freely and privately.

Source : https://newsletter.torproject.org/archive/2018-09-06-we-gave-tor-browser-ux-overhaul/


That's a cool idea, especially if the ip addresses assigned by the captcha are random.
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1536
Location: Canada

PostPosted: Mon 24 Sep 2018, 18:01    Post subject: Tor Browser for Android  

https://blog.torproject.org/new-alpha-release-tor-browser-android

Mobile browsing is on the rise around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so in the past year, we’ve focused on better supporting these users.

There’s never been an official Tor Browser on mobile. Until now.


Introducing Tor Browser for Android (alpha), the mobile browser with the highest privacy protections ever available and on par with Tor Browser for desktop. You can download the alpha release on GooglePlay, or you can get the apk directly from our download page. The stable release is slated for early 2019.

Note: For this release, you also need to install Orbot, a proxy application that will connect Tor Browser for Android with the Tor network. For the upcoming Tor Browser for Android stable release, our goal is for Orbot not to be necessary to connect to Tor.


To get your copy of Tor browser for Android : https://www.torproject.org/dist/torbrowser/mobile/1.0a1/tor-browser-android-arm-1.0a1.apk
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 1316

PostPosted: Mon 24 Sep 2018, 21:40    Post subject: Re: Tor Browser for Android  

labbe5 wrote:
https://blog.torproject.org/new-alpha-release-tor-browser-android

Mobile browsing is on the rise around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so in the past year, we’ve focused on better supporting these users.

There’s never been an official Tor Browser on mobile. Until now.


Introducing Tor Browser for Android (alpha), the mobile browser with the highest privacy protections ever available and on par with Tor Browser for desktop. You can download the alpha release on GooglePlay, or you can get the apk directly from our download page. The stable release is slated for early 2019.

Note: For this release, you also need to install Orbot, a proxy application that will connect Tor Browser for Android with the Tor network. For the upcoming Tor Browser for Android stable release, our goal is for Orbot not to be necessary to connect to Tor.


To get your copy of Tor browser for Android : https://www.torproject.org/dist/torbrowser/mobile/1.0a1/tor-browser-android-arm-1.0a1.apk


I'm now using this browser as my main browser for ZeroNet on android. I run ZeroNet in Termux. The reason being is that the ZeroNet android ap can't read the authentication cookie from the Tor ap (i.e. orbit) unless one has root permissions. If one instead installs ZeroNet and Tor in Termux both ZeroNet and Tor are the same user and this alows ZeroNet to read the Tor authentication cookie.

Instructions for installing ZeroNet on Termux can be found at:

https://www.zerogate.tk/138R53t3ZW7KDfSfxVpWUsMXgwUnsDNXLP/?Page:termux

Zerogate allows people to brows zeronet sites from clearnet.
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1536
Location: Canada

PostPosted: Fri 28 Sep 2018, 18:22    Post subject: Creatorrc
Subject description: Create torrc files optimized for speed, security, or avoiding captchas
 

https://github.com/hephaest0s/creatorrc


Further reading :
Nipe - Script To Make Tor Network Your Default Gateway
http://www.effecthacking.com/2018/05/nipe-script-to-make-tor-network-your-default-gateway.html

Last edited by labbe5 on Sun 21 Oct 2018, 15:29; edited 1 time in total
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1536
Location: Canada

PostPosted: Thu 04 Oct 2018, 16:38    Post subject: OpenWrt Tor proxy and anonymizing middlebox setup  

https://www.pcsuggest.com/openwrt-tor-proxy-setup/

Straight to the point, this tutorial is about how to setup Tor on a OpenWrt router, anonymizing all devices connected through wifi, a Tor SOCKS v5 proxy server accessible from both wifi and Ethernet LAN connection.
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1536
Location: Canada

PostPosted: Sun 21 Oct 2018, 17:07    Post subject: Onion sites to discover  

The Pulitzer-winning ProPublica

https://www.propub3r6espa33w.onion/

The first online publication that won a Pulitzer is now also the first major publication with a .onion address.

ProPublica does a lot of things differently. Its source of funding is the deep wallet of the Sandler Foundation and various other similar organizations.

Browsing ProPublica’s work through its .onion site works well, and the site’s very existence is a big win for privacy and free speech.



Facebook’s .onion site

https://www.facebookcorewwwi.onion/

Why would one of the largest organizations known for its invasive stance on privacy and controversial clear-name policy have a .onion address?

While Facebook might collect everything you say and do on its platform, it isn’t happy with sharing this information with others. Facebook is also keenly aware of attempts by many governments to restrict access to a tool that allows strangers across the web to talk and collaborate freely.

Facebook’s .onion address doesn’t make it much easier to maintain an anonymous account, but it does make Facebook more accessible in places where it’s censored.


DuckDuckGo

http://3g2upl4pq6kufc4m.onion/

Searching for content but don’t want to give up your privacy? DuckDuckGo is a great alternative to Google. Search activity isn’t logged by design. Even without the ability to learn about your behavior or monitor your email and browsing, DuckDuckGo provides decent results. Which raises the question: Are Google’s extensive surveillance techniques really necessary?

Over Tor, Google becomes annoying to use, because it frequently subjects searchers to captchas to prove they’re human. But The Duck excels at speed, reliability, and privacy.


For more interesting sites to discover using the Tor browser :
http://expressobutiolem.onion/blog/best-onion-sites-on-dark-web/

Source for written material : http://expressobutiolem.onion

Further reading :
https://guardianproject.info/2017/10/27/no-more-root-features-in-orbot-use-orfox-vpn-instead/

Last edited by labbe5 on Fri 26 Oct 2018, 17:42; edited 1 time in total
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1536
Location: Canada

PostPosted: Sun 21 Oct 2018, 18:00    Post subject: Tor search engines  

Clearly, using Google as a search engine to search for onion sites is not an option.

Start your discovery of onion sites using ahmia, but there are other search engines.

ahmia : https://ahmia.fi/

This search engine is on the clearnet, but referencing onion sites, so you need Tor browser to access them.

The onion address is : http://msydqstlz2kzerdg.onion/

Using ahmia, you can discover and access the onion site of The Pirate Bay : http://uj3wazyk5u4hnvtk.onion/

If you feel like discover some other search engines, open your Tor browser and go to : http://sgmfbex2j2yzthop.onion/search-engines-links-tor.html

All of the above is for education purpose, Tor hidden services being largely ignored by majority of people. Snowden revelations have made little dent in the clearnet usage. Except for privacy activists, there is almost no interest to use the dark web.

Caution : Keeping same habits with Tor hidden services as with the clearnet can have you in trouble. Prepare yourself by using a VPN, you do not want your real IP address be intercepted by whoever or whatever is lurking in the dark web. Go to tried and true services, such as Propublica, DuckDuckGo, Facebook, first.

A French Deep Web for our french-speaking forum members : http://fdwocbgmagi2rrv5h56bihbn6zmvjonopdszfxf64xxta4erqmwbo2qd.onion/
Pour tout soucis que vous pourriez rencontrer sur le forum ou le DW français, excepté concernant le FDWM, vous pouvez me contacter par MP, lettres, pigeon voyageurs, télépathie, signaux de fumée et peinture rupestre. Funny.

Further reading :
https://www.makeuseof.com/tag/find-active-onion-sites/
https://archimedesden.wordpress.com/2009/03/18/tor-is-dangerous-for-the-unwary/
It Can Get You Hacked It Can Get You in Jail
https://fosspost.org/articles/must-know-before-using-kali-linux
https://motherboard.vice.com/en_us/article/d3qqj7/sim-card-forces-data-through-tor-brass-horn-communications
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1536
Location: Canada

PostPosted: Fri 02 Nov 2018, 17:14    Post subject: New techniques expose your browsing history to attackers
Subject description: Tor browser immune to such attacks
 

The techniques fall into the category of “history sniffing” attacks, a concept dating back to the early 2000s. But the attacks demonstrated by the researchers at the 2018 USENIX Workshop on Offensive Technologies (WOOT) in Baltimore can profile or ‘fingerprint’ a user’s online activity in a matter of seconds, and work across recent versions of major web browsers.

All of the attacks the researchers developed in their WOOT 2018 paper worked on Google Chrome. Two of the attacks also worked on a range of other browsers, from Mozilla Firefox to Microsoft Edge, as well various security-focused research browsers. The only browser which proved immune to all of the attacks is the Tor Browser, which doesn’t keep a record of browsing history in the first place.

Most Internet users are by now familiar with phishing; cyber-criminals build fake websites which mimic, say, banks, to trick them into entering their login details. The more the phisher can learn about their potential victim, the more likely the con is to succeed.

After conducting an effective history sniffing attack, a criminal could carry out a smart phishing scheme, which automatically matches each victim to a faked page corresponding to their actual bank.

The Tor Browser is the only browser known to be totally immune to all the attacks, as it intentionally avoids storing any information about a user’s browsing history.
Source : https://www.helpnetsecurity.com/2018/11/02/expose-your-browsing-history-to-attackers/
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 1316

PostPosted: Sun 18 Nov 2018, 04:30    Post subject:  

If one is downloading system tor (rather than the tor browser bundle) than the recommend way of doing this is via the package manager.

For instance see instructions for debian here:
https://www.torproject.org/docs/debian.html.en

One big reason to do this is that a package manager is supposed to verify the signatures of the packages that it downloads.

For the system tor binary builds the repos are using a pgp key as a way for people to authenticate the packages in the tor repo. I do not know if the puppy package manager checks this signature like a secure package manager should.

I will say though that adding the tor repo to the puppy package manager is not straight forward because one can't do so by simply changing a configuration file. There is also a code change that they need to make to
Code:

/usr/local/petget/0setup

in order to get this to work. See My post at this link.
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 1316

PostPosted: Sun 18 Nov 2018, 04:52    Post subject: Re: New techniques expose your browsing history to attackers
Subject description: Tor browser immune to such attacks
 

labbe5 wrote:
The Tor Browser is the only browser known to be totally immune to all the attacks, as it intentionally avoids storing any information about a user’s browsing history.
Source : https://www.helpnetsecurity.com/2018/11/02/expose-your-browsing-history-to-attackers/


People shouldn't make claims like this because it creates a naive sense of security. My understanding is there have in the past been vulnerabilities in the tor browser (related to javascript). In my opinion a network that doesn't use javascript (e.g. freenet) better protects peoples privacy.
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2711

PostPosted: Sun 18 Nov 2018, 09:16    Post subject:  

Gopher is pretty much a perfect protocol for Tor https://cryogenix.net/gophernicus.html - just presently lacking a major independent search/index server.

Google having pwn'd searches (that DuckDuckgo and Startpage for instance still use), along with DNS (8.8.8.8 for instance) and the content you access/view can be deduced, so even if encrypted the deduced content along with the encrypted text reveals the key.

As in how a terrorist walking through a city might opine that they are less trackable in not carrying a mobile phone, the process of big data elimination makes them more conspicuous and more inclined to be focused.

_________________
( ͡° ͜ʖ ͡°) :wq
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1536
Location: Canada

PostPosted: Mon 26 Nov 2018, 17:45    Post subject: Tor browser without Tor connection
Subject description: still provide better out-of-the-box privacy than Firefox ESR or Firefox Stable
 

Tor Browser loads as quickly as any other web browser once you have made the modifications. It works similarly to a heavily modified version of Firefox in that regard, e.g. after applying changes from the Ghacks user.js file for Firefox and installing the add-ons that Tor browser comes with by default (HTTPS Everywhere and NoScript).

Follow the how-to here : http://bit.ly/2zsazVb
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 2 [18 Posts]   Goto page: 1, 2 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Security/Privacy
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.4339s ][ Queries: 12 (0.0292s) ][ GZIP on ]