No.16296
General thread about Tor.
Is there any problem with going to
https://leftypol.org/ and then clicking on the .onion site? I can't store
http://76i2c3hn55fcj5nut3tqlboqqbbh23zvphv7lefk3vftpx6wketlanyd.onion/ in my browser because it's in a disposable VM.
No.16309
>>16296Desktop file like such:
[InternetShortcut]
URL=http://76i2c3hn55fcj5nut3tqlboqqbbh23zvphv7lefk3vftpx6wketlanyd.onion/tech/cat
alog.html
VM=web
Get a little scripty like such:
#!/bin/bash
URL=$(grep 'URL' "$1" | awk 'BEGIN{ FS = "="} {print $2}' -)
VM=$(grep 'VM' "$1" | awk 'BEGIN{ FS = "="} {print $2}' -)
onion=$(grep "\.onion" "$1" )
case $onion in
"") qvm-run-vm $VM firefox-esr $URL;;
*) qvm-run-vm $VM torbrowser $URL;;
esac(there's also qvm-open-in-dvm)
and put in a desktop file under /usr/share/applications/ and set it to exec your script for application/x-mswinurl mimetype (you might need to fuck with mimeinfo or mimeapps documents? idk :p dont remember, probably not, maybe u know better than I). Then keep a bookmark file and open them at your leisure… its not perfect tho - these days i use the desktop file system and just open in vim, then copy paste lmao
No.16313
>>16309What happens when Qubes updates? Does this get overwritten and you have to do it again?
No.16319
is it true that the tor network is run by glowies?
No.16325
>>16313oh sorry i didnt clarify, but this goes in an appvm or smth, not dom0. The idea is to use a file manager as a bookmark opener.
Though when i was searching for this stuff i noticed my desktop file for the bookmark opener script was gone so it possibly does get rmoved, maybe after update, maybe if you just never use it like me
>>16319semi-tru. They used to be the bulk of funding, they rely on it and helped develop it, but the nodes are ran by volunteers, which for the most part seem like not-glowies. There are mechanisms for removing sussy nodes btw, and the tor people are pretty good. Lots of criminals rely on tor to keep them safe, and they are also huge contributors to the devs/foundation, and some more self-aware ones run nodes.
Also as a protocol for anonymizing IP and encrypting packets - it just works, it hasnt been broken, yet.
No.16951
Id like to talk about how trustable is TOR actually?
> The code is open
Not everybody can read it, many checkers are not trustable and the CIA even admitted that it kills by using Metadata.
The Authority nodes are centralized, in universitys and maintained by ex government people from the CIA for example.
I also once read a study by a university on who funds the TOR project, tldr, over 80-90% the US government, mainly the department of defence.
So a system developed by the US government, the developers being mainly from them, it being mainly funded by them, the CIA killing based on metadata, it is fair to ask the question if we can even trust TOR.
So, since US agents use tor to communicate with their government they need us people to actively use TOR so they are more hidden, and of course they, if they could see everything on tor, would not arrest everyone who does illegal shit because they dont care about stuff thats not a threat to their money and deepstate. And there have been some moments where big bugs have been arrested by authorities by the FBI where we are still asking ourselves, AFAIK, how they knew of this bug/way of finding people over TOR. So how much else do they know in case they actually need to make someone vanish? The people behind TOR are definetly not trustable, but they hold the most power.
so what do you guys think about this?
No.16952
metadata kills and it is what you said yourself so do not place your trust on services to hide your identity.
No.16955
It's the best we have. Directory nodes cannot see what data is passed through the network. They're just lists of nodes in the network that clients use to build circuits.
What we really need is more nodes outside of fourteen eyes countries. This is difficult because the biggest nodes are on cheap VPSes because they're cheap. And the cheapest VPSes are in fourteen eyes countries.
No.16958
Theoretically there are weakness, but it's a very low risk, especially if (You) specifically are not actively targeted (i.e. OP isn't Osama bin Laden). It's kinda similar to how any encryption can theoretically be broken, it just depends on how feasible it is in practice and that is how you need to weigh multiple options. Tor is not perfect, but it's still better than not using Tor at all. Also, no tool is going to prevent you from sabotaging yourself. Tor won't call you a retard if you try emailing your real name and address to the police for instance, that's on you. OPSEC is more than just downloading a program.
IMO more interesting question is the (geo)political nature of the Tor Project rather than the tool. On one hand Tor would be useful for RAF if it was still operating today. But at the same time Tor Project is clearly promoting its tool as a way to get access to Western propaganda in non-Western-aligned countries. For same reason even BBC and Facebook have their own .onion address. The people behind the project are idealistic libs who admittedly also oppose surveillance by Western govs, but effectively they are also helping with regime change efforts. I'm very suspicious of this Internet ideology where the whole world needs to be connected into a single network and all barriers need to be removed or bypassed. Just take a honest look of what Facebook is actually trying to achieve and why US gov is supporting it. The goal in the current situation is one-sided hegemony, not internationalism.
No.16962
>>16955>What we really need is more nodes outside of fourteen eyes countriesThere are though
I remember many nodes while using it being in like African countries and whatnot
No.16963
>>16955That does not better much, there are very many gov malicious nodes and they can just create more if they need to. stuff like these are just flaws in TORs system in general. We need something better, actually we have. It just needs as much attention as tor and if it does we need to focus that this will not be overtaken by the people that are against us.
And the betters shit is I2p. It is already possible to go to clearnet with it with gates n shit, but thats what im talking about. If it gets as much attention we can fix all the bugs and make it eaiser and better. Or perhaps in the future well get something even better than I2p.
No.16981
>>16958>Tor Project is clearly promoting its tool as a way to get access to Western propaganda in non-Western-aligned countries. For same reason even BBC and Facebook have their own .onion addressWhat other use of .onion services are they supposed to promote, in your opinion? Drug markets and child porn?
No.16990
>>16951It's probably
moderately secure, but don't believe by any means that it is foolproof. On paper, that the protocol seems mature or secure and that the source code is open seem to indicate that it is trustable. But in practice, the major involvement of glowies in the prominent maintainer organization and the interests of the U.S.'s deepstate are problems. For example, the maintenance devs easily can deliver information about security vulnerabilities to those glowies before proper fixes, if at all, are implemented into the codebase; for all people know, large stashes of zero-days could be in the feds' arsenal. The standard installation bundle uses the Firefox browser, slightly modified, as a front end, which introduces another plane of potential attack which is far more difficult to audit; modern web browsers are almost like a small OS in complexity.
And obviously the police run nodes, dark web hiddensite honeypots probably, and taps on exit node traffic, but that shit shouldn't be as much of a problem if good practices are followed.
Although the biggest but mundane obstacle is likely ironically not the security flaws but the wide proliferation of captcha and anti-DDoS, which even this website uses to prevent raiders and crapfloods, mostly justifiably.Really the lesson is that Communists, of all people, should not be naive and place all their trust into utopian-inclined technologies and that a good, well-disciplined party is far better an asset than overreliance on individualistic security technology measures. Stalin could count on his Bolshevik comrades to try to save him if he had gotten captured by the police, but could the crime-boss of the darkweb S.R. marketplace say the same?
No.17023
>>16981You're right, .onion services are absolutely 100% the way and only way to use Tor network, so they must absolutely and desperately be promoted by Tor Project, and the only good ones are westoid corps and propaganda machines, while everything else is 100% drug and pedo degeneracy, .onion drop points for whistleblowers don't exist at all, and in any case that would be a really bad showcase of .onion service design compared to a mere .onion mirror of MSM or megacorp social media site. Retard.
No.17051
>>16958>The people behind the project are idealistic libs who admittedly also oppose surveillance by Western govs, but effectively they are also helping with regime change efforts. Lol dumb cunt, that would be your nightmare wouldn't it, not being able to restrict information and contact with people around the world. Go fuck yourself and this FUD thread.
- Posted from my Tor browser
No.17063
Where do people who post on leftypol discuss tech issues related to tor? IRC? I need something like 4chan cheat sheets on daily use.
No.17078
Tor has a problem with decentralization, there are about 2.5 million users on Tor but only about 9000 relays and bridges.
I2P on the other hand has about 60000 - 74000 routers, most of them routing traffic.
It's way easier to compromise the Tor network than I2P, despite I2P having a significant smaller user base… or am I missing something?
No.17085
>>16951Mostly trustable. As long as you keep your protection on Safest, you should be fine. I wouldn't be surprised if the gov. contributes to Tor because agents use it.
No.17118
Does clearnet torrenting at the same time as torbrowser browsing reduce security in any way? Just legal torrents.
Anyone who asks about threat models gets cursed to die horribly.
No.17146
>>17118It shouldn't, I can't think of any way it would.
No.17149
>>17023Imagine throwing a fit about the fact BBC and Facebook thought someone out there might find their .onion services useful, and that the Tor Project had the audacity to not make their entire marketing campaign specifically target *you*
No.18069
10000000000000% honeypot
No.18509
>>17118>>17146Theoretically it can actually, not wrt security but anonymity.
Imagine your Internet connection is spotty (and maybe not by chance). An observer could notice that the pattern of your torrenting connections matches the pattern of some endpoint Tor connections, so it's possible to correlate the two. However that would require detailed monitoring of a huge chunk of the global network.
You might think the US would spend resources on such extensive monitoring only if its existence was fundamentally threatened, but these days even a hobby weather balloon is an equal threat to the US gov as Al Qaeda going nuclear. So all of our threat models need to be completely revised.
No.19301
>>19300find a client with socks5 proxying and configure it with torsocks (127.0.0.1:9050)
hexchat for irc, gajim for xmpp, element for matrix ig
No.19302
>>19301ok I'll check em out thanks
No.19309
>>19302be aware gajim has a decent amount of security vulnerabilities, not as much as other XMPP client implementations, that you should keep up to date on
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gajim No.19314
>>19309gotcha. do you know what the deal is with pidgin?
No.19318
>>16296Is there anything similar to tor that doesn't have open connections to glowies like tor does?
No.19450
Good:
>Tor
Avoid:
>4chan - garbage.
>Reddit - garbage.
>Any altchan (except for here, not including Tor IBs)
>Element (formerky riot.im) - not actually encrypted or safe, given how they can still see what you're doing, provided that your homeserver is matrix.org. i'd watch out. You can self-host, but that requires maintenance and technical know-how (+ a registrar that won't kick you) assuming you run a server of your own. But if you want to find one? Self-hosted Element instances are hard to come by, namely because no single list of all the differebt websites that have their own Ekement chat client. So you're just gonna have to know what you're looking for. So is it centralized? Pretty much, yes.
>Viber - requires a GSM number. You cannot use VoIP. So as a result I never used it.
>Discord - garbage.
>Telegram - AGAIN centralized. You do know they can see everything you do on there, right (aside from maybe two way chats or invite-only servers, which even then that app glows)
>Yahoo Answers - rest in piss. Also, fuck Yahoo.
>YouTube - censors people with their stupid fucking algorithm that they only implemented until after Charlottesville. It was first about "extremist content" on the site, but now its been taken to a new level to include literally EVERYBODY. Thanks a lot, N*zis.
>Google - See above. Also, GARBAGE!
>the Daily Stormer/The Purity Spiral/other "white nationalist" blogs and forums.
>Encyclopedia Dramatica - moderated by a literal sperg/lolcow (Umkemesik) who got trolled by some pedo who he later banned (Likeicare & Addie were the only two on that entire forum who actually knew what was going on). Actually, this website has had serious owner issues ever since Girlvinyl left, starting with Zaiger.
>Kiwi Farms - fuck Josh.
>Forums - are dead.
>anything mental health-related (like Sanctioned Suicide) - doesn't help anybody as opposed to having IRL friends (to which I have none). Generally not a good place to go due to trolls. Man, people these days. When I was depressed, what I found that helped was writing journals and the like.
>Dropbox and other file sharing sites - just learn how to seed magnet links you fucking retard.
>incel websites and other 'manosphere' forums - garbage. Also, cringe.
>columbine fanboy terrorist shit - don't get the feds knocking on your door. Avoid edgy websites and making edgy searches on Google. That's all I can tell you.
And I think that should be it (although there's probably more). Anybody got any more good ones?
No.19451
beware: green thread
No.19452
>>19451This is a matter of Tor vs. ICANN. The only exception are apps.
No.19453
Centralization/decentralization is irrelevant if what's being sent is encrypted by yourself.
No.19454
Btw did you write all that while jerking yourself off in front of a mirror?
No.19455
Also, fuck Bitchute, Coinbase and BitStamp (along with any other KYC BTC exchange). Use localmonero.co.
No.19459
"Decentralization" is a reactionary shibboleth
There's nothing wrong with ICANN
No.19464
>pony.townYou can make a pony and put furniture in they house and eat broom.
<any site / frontend that's just a document with forms but you need javascript for the page itself to load. Even most social media would do fine with a hydration method like how Astro does it. Fuck infinite scrolling.>neocities.orgYou can make a static site without having to set up a server first, good enough for a lot of use-cases, and a good learning tool. Self-hostable too so you can provide a similar service to friends.
<Any site that overrides right clicking with it's own shit: fbi.gov, misskey, a lot of academic software, ect…>rotatingsandwiches.comSpeen
<TorGlows even if it meant well due to naive implementation.
<CryptoGlows because it's literally made and shilled by feds. Also makes people reactionary against decentralization as a concept by being the stupidest implementation of a decentralized system imaginable. See:
>>19459>petittube.comI think YouTube or a YouTube competitor like BiliBili (I've never used BiliBili but I assume it doesn't) should just have a 'recently uploaded' page, seeing people just use the site like one would imgur gives me hope for a post-search engine internet.
<search enginesYou never needed it, and if you do it's only because other people are using it, so you have to use it to keep up with them. Drinking coffee forces your coworkers to drink coffee. Critical support for AI spam articles.
>Draw-a-boxI haven't got into it but I like the concept, gonna try it this summer.
<curseforge<modrinthPeople need to learn to do modpacks in a way that doesn't rely of some centralzed shit to work. Like just host your mods on github and make a bash script that wgets the releases.
No.19465
ISPs cannot accurately monitor all of their internet traffic, but they can filter IPs and DNS requests. If TOR immediatly puts you on a list, using it is a gamble on if any of the sites you visit are monitored. I think traffic correlation is a meme for anyone other than high-profile darknet dealers and can be mitigated with the right tools.
No.19466
>>19450this is true if you have no friends and spent all your time looking at loli hentai
No.19467
>>19466wow amerikkkans truly must make everything center around this huh?
No.19468
>>19467clarify please
>center around friendsno, amerikkkans can be remarkably asocial
>center around hentaitrue for a lot of porn-addicted reactionaries (as if there's any other kind)
No.19469
>>19466>>19468Massive American projection at play here.
No.19471
kuso
No.19481
>>19464>>neocities.orgThis is Substack but better because it lets you do fucked up CSS shit like old school Tumblr except it's even better than Tumblr because you won't get death threats for not shipping Doctor Who with some other BBC IP
No.19482
>>19481>because you won't get death threats for not shipping Doctor Who with some other BBC IPLmao. Kinda miss tumblr though.
No.19483
SS is pretty nice desu
No.19657
>only use tor with nyx log window open
>browse innocuous onion sites
>nyx sleeps
>browse my /leftypol/ onion
>nyx log always wakes after 20 mins and goes wild
>pattern noticing
No.19659
>>19657Explain the implications for a brainlet like me pls. Is leftypol a honeypot?
No.19660
>>19318Stop derailing the thread with this stupid shit
TOR is still the best anonymizer out there
I2P isn't a magic pill either
No.19673
>>18509>An observer could notice that the pattern of your torrenting connections matches the pattern of some endpoint Tor connections, so it's possible to correlate the two.I could be wrong but aren't there a lot of people torrenting different things at the same time ? Seems to me it would be hard to correlate the two, especially if the user hides his location.
No.19676
>>16296>>19675change your app shortcuts in Qubes Manager to allow your disposable vms to Open File Manager.
Start your disposable by opening file manager.
use the text bar in file mangaer to navigate to home/user/.tb/tor-browser
now you can double click on "start tor browser desktop" to open tor
from tor you can save bookmarks
since you have file manager open you can send the bookmark files from your disposable to Vault or another permanent qube.
you can also import bookmarks to your disposable from Vault and then to your tor browser when you make a new disposable.
No.19773
>>19675Of course, you're not a real leftist if you don't.
No.20121
Fuck I didn't mean to bump. Nannies please merge into for thread
No.21984
>1400 x 900 window size
oh fucking based thank you Father Stallman
No.21989
>>19657could be the flare of the cloud
No.22283
>be me, using tor n' stuff
>one day my tor traffic gets super fucking slow
>no matter how many nodes i try it's just SUPER fucking slow, can't load anything without waiting minutes
>decide to try using a bridge
>normal speeds are back
a-am i getting spooked?? are the feds fucking with me? say it ain't so bros
No.22284
>>22283anyone can tell youre using tor by looking at your isp logs
No.22285
>>22284sure, but is there a reason
(a spook reason) to throttle it?
it's not like i'm being blocked from connecting to tor, i can, it's just slow as shit without a bridge
No.22286
>>22285>>22283There's been cases of ISPs banning Tor but if that happened you wouldn't be able to use it at all. Maybe the relays you connected to at first are slow.
No.22287
>>22286>There's been cases of ISPs banning Tor but if that happened you wouldn't be able to use it at allyeah i don't think that's it
>Maybe the relays you connected to at first are slowno, i tried like 30+ circuits and every single one was slow as shit
my speeds only went back to normal after i enabled a bridge
No.22288
>>22287A fed wouldn't throttle your connection because then it means less evidence of whatever they're trying to get too.
No.22358
>>22283it could be a network-wide ddos, it happens sometimes, check the tor project's stats on the network
it could be that ur ISP just thinks ur a less important customer if you're connecting to Tor so they deprioritize ur traffic
No.22433
>>22287Have you tried using bridges?
It might be your entry guard being slow. It shouldn't be, but your Tor client will keep using them if they are because they only change every few months.
No.22555
>>22554Good way of telling TSA to detain your laptop.
No.22965
five eyes glowies OUT!
StrictNodes 1
GeoIPExcludeUnknown 1
#ExcludeNodes {au}, {ca}, {gb}, {nz}, {us}
ExcludeExitNodes {au}, {ca}, {gb}, {nz}, {us}
NodeFamily {au}, {ca}, {gb}, {nz}, {us}
#UseNTorHandshake 1
PathsNeededToBuildCircuits 0.95 No.22966
>>22965The full list is {AU}, {CA}, {US}, {NZ}, {GB}, {DK}, {FR}, {NL}, {NO}, {BE}, {DE}, {IT}, {ES}, {SE}
Onions are hopelessly slow with this enabled though.
No.23141
Top countries for Tor relays are:
Germany
United States
Netherlands
France
Finland
Poland
Canada
Switzerland
United Kingdom
Austria
https://metrics.torproject.org/rs.html#aggregate/ccThe problem is that relays are hosted where it's cheap, but those tend to be 14 eyes countries. Need more relays in Cuba and Nicaragua to make sure the glowies can't control the network.
No.23143
>>22966They said "Five Eyes."
No.23144
>>22965Thx for the info, anon. How does one configure this in the Tor Browser?
No.23247
>>16951That's the problem with Tor, it is by and for the US government. it's good enough for some cases, if you live in an enemy state of the US (or the broader west) if you can safely and anonymously access it, it becomes very useful. or if you're trying to hide from other local personal danger. other than that, I'm not sure I'd trust it for anything else.
No.23248
>>23247continued.
there is also the issue of it being mainly only hosted in free and democratic western countries, it's a shame because this makes the network less useful. hosting Tor anywhere else in the world is almost certainly asking for a death sentence.
No.23250
>>23249
Fwee and democwatic
No.23252
>>23250yea yea yea, but compared to the rest of the world western countries are "free" and "democratic".
good luck trying to defend LGBTQ rights in a shithole in the middle of no where.
No.23264
>>16951Good post. Yes Tor is technologically sound on paper but there are many variables that should be considered if using it for something actually illegal, or for whistle-blowing in the 5 eyes. Tors purpose as far as I can tell is to enable dissidents in enemy nations to the 5 eyes. USA built it to destabilize other nations politically. Government is in very close contact with the devs and there has been instances of known vulnerabilities being kept quiet for the CIAs benefit. I would suspect the CIA/NSA has the means and political leverage in the project to de-anonymize a target they were heavily interested in, it just seems to be the logical conclusion when you start looking at all the variables. Chances are you of little interest, even less so living outside of presumably NATO(you would have your own gov to contend with though)
BUT if you were someone of a high value living in the west, I would not rely on Tor to keep you safe.
No.23269
>>23247If you criticize something then suggest an alternative. It would be much, much useful than listing Tor's flaws. I know about I2P but it's limited to its own hidden network, it's not for clearnet use.
No.23270
>>23252>my capitalism is better than your capitalismgroan
No.23271
>>23269There may not even be an alternative for the specific use case you have. Just tread carefully, I think the thread can be summed up with that
No.23272
>>23271>Just tread carefullyWell, this is obvious. Noone should trust anything blindly. That's why people don't trust systemd and Linux for example despite them being OPEN SOURCE!! IT'S OPEN SOURCE, GUYS, THAT MEANS IT'S PERFECT!!
No.23274
>>23272Honestly for 99% of people you can trust Tor. If you're some big dicked alpha running some crazy drug service or doing highly illegal shit that people both care about and have a paid incentive to stop, I would not at all trust Tor to keep you safe and would completely remodel your anonymity setup and would look towards i2p or some more advanced setup between you and Tor
No.23276
>>23274Wonder why the online drug cartel hasn't yet switched to something else like i2p, they seem to trust Tor way too much to run a multi million dollar highly illegal business. or are all those markets just psyops by glowies?
No.23277
>>23276Some of them do, but they get dropped left and right and arrested all the time. Hard to say truly how they're getting fucked as well since we can only really go by what law enforcement says. Either way those types of people have to be looking over their shoulders forever once they get involved with shit like this. Also Im pretty sure there are i2p drug distributors but thats besides the point
Unique IPs: 17