General thread about Tor.
Is there any problem with going to
https://leftypol.org/ and then clicking on the .onion site? I can't store
http://76i2c3hn55fcj5nut3tqlboqqbbh23zvphv7lefk3vftpx6wketlanyd.onion/ in my browser because it's in a disposable VM.
>>16296Desktop file like such:
[InternetShortcut]
URL=http://76i2c3hn55fcj5nut3tqlboqqbbh23zvphv7lefk3vftpx6wketlanyd.onion/tech/cat
alog.html
VM=web
Get a little scripty like such:
#!/bin/bash
URL=$(grep 'URL' "$1" | awk 'BEGIN{ FS = "="} {print $2}' -)
VM=$(grep 'VM' "$1" | awk 'BEGIN{ FS = "="} {print $2}' -)
onion=$(grep "\.onion" "$1" )
case $onion in
"") qvm-run-vm $VM firefox-esr $URL;;
*) qvm-run-vm $VM torbrowser $URL;;
esac(there's also qvm-open-in-dvm)
and put in a desktop file under /usr/share/applications/ and set it to exec your script for application/x-mswinurl mimetype (you might need to fuck with mimeinfo or mimeapps documents? idk :p dont remember, probably not, maybe u know better than I). Then keep a bookmark file and open them at your leisure… its not perfect tho - these days i use the desktop file system and just open in vim, then copy paste lmao
>>16313oh sorry i didnt clarify, but this goes in an appvm or smth, not dom0. The idea is to use a file manager as a bookmark opener.
Though when i was searching for this stuff i noticed my desktop file for the bookmark opener script was gone so it possibly does get rmoved, maybe after update, maybe if you just never use it like me
>>16319semi-tru. They used to be the bulk of funding, they rely on it and helped develop it, but the nodes are ran by volunteers, which for the most part seem like not-glowies. There are mechanisms for removing sussy nodes btw, and the tor people are pretty good. Lots of criminals rely on tor to keep them safe, and they are also huge contributors to the devs/foundation, and some more self-aware ones run nodes.
Also as a protocol for anonymizing IP and encrypting packets - it just works, it hasnt been broken, yet.
Id like to talk about how trustable is TOR actually?
> The code is open
Not everybody can read it, many checkers are not trustable and the CIA even admitted that it kills by using Metadata.
The Authority nodes are centralized, in universitys and maintained by ex government people from the CIA for example.
I also once read a study by a university on who funds the TOR project, tldr, over 80-90% the US government, mainly the department of defence.
So a system developed by the US government, the developers being mainly from them, it being mainly funded by them, the CIA killing based on metadata, it is fair to ask the question if we can even trust TOR.
So, since US agents use tor to communicate with their government they need us people to actively use TOR so they are more hidden, and of course they, if they could see everything on tor, would not arrest everyone who does illegal shit because they dont care about stuff thats not a threat to their money and deepstate. And there have been some moments where big bugs have been arrested by authorities by the FBI where we are still asking ourselves, AFAIK, how they knew of this bug/way of finding people over TOR. So how much else do they know in case they actually need to make someone vanish? The people behind TOR are definetly not trustable, but they hold the most power.
so what do you guys think about this?
>>16955>What we really need is more nodes outside of fourteen eyes countriesThere are though
I remember many nodes while using it being in like African countries and whatnot
>>16955That does not better much, there are very many gov malicious nodes and they can just create more if they need to. stuff like these are just flaws in TORs system in general. We need something better, actually we have. It just needs as much attention as tor and if it does we need to focus that this will not be overtaken by the people that are against us.
And the betters shit is I2p. It is already possible to go to clearnet with it with gates n shit, but thats what im talking about. If it gets as much attention we can fix all the bugs and make it eaiser and better. Or perhaps in the future well get something even better than I2p.
>>16951It's probably
moderately secure, but don't believe by any means that it is foolproof. On paper, that the protocol seems mature or secure and that the source code is open seem to indicate that it is trustable. But in practice, the major involvement of glowies in the prominent maintainer organization and the interests of the U.S.'s deepstate are problems. For example, the maintenance devs easily can deliver information about security vulnerabilities to those glowies before proper fixes, if at all, are implemented into the codebase; for all people know, large stashes of zero-days could be in the feds' arsenal. The standard installation bundle uses the Firefox browser, slightly modified, as a front end, which introduces another plane of potential attack which is far more difficult to audit; modern web browsers are almost like a small OS in complexity.
And obviously the police run nodes, dark web hiddensite honeypots probably, and taps on exit node traffic, but that shit shouldn't be as much of a problem if good practices are followed.
Although the biggest but mundane obstacle is likely ironically not the security flaws but the wide proliferation of captcha and anti-DDoS, which even this website uses to prevent raiders and crapfloods, mostly justifiably.Really the lesson is that Communists, of all people, should not be naive and place all their trust into utopian-inclined technologies and that a good, well-disciplined party is far better an asset than overreliance on individualistic security technology measures. Stalin could count on his Bolshevik comrades to try to save him if he had gotten captured by the police, but could the crime-boss of the darkweb S.R. marketplace say the same?
>>16958>The people behind the project are idealistic libs who admittedly also oppose surveillance by Western govs, but effectively they are also helping with regime change efforts. Lol dumb cunt, that would be your nightmare wouldn't it, not being able to restrict information and contact with people around the world. Go fuck yourself and this FUD thread.
- Posted from my Tor browser
>>17118>>17146Theoretically it can actually, not wrt security but anonymity.
Imagine your Internet connection is spotty (and maybe not by chance). An observer could notice that the pattern of your torrenting connections matches the pattern of some endpoint Tor connections, so it's possible to correlate the two. However that would require detailed monitoring of a huge chunk of the global network.
You might think the US would spend resources on such extensive monitoring only if its existence was fundamentally threatened, but these days even a hobby weather balloon is an equal threat to the US gov as Al Qaeda going nuclear. So all of our threat models need to be completely revised.
>>19300find a client with socks5 proxying and configure it with torsocks (127.0.0.1:9050)
hexchat for irc, gajim for xmpp, element for matrix ig
Good:
>Tor
Avoid:
>4chan - garbage.
>Reddit - garbage.
>Any altchan (except for here, not including Tor IBs)
>Element (formerky riot.im) - not actually encrypted or safe, given how they can still see what you're doing, provided that your homeserver is matrix.org. i'd watch out. You can self-host, but that requires maintenance and technical know-how (+ a registrar that won't kick you) assuming you run a server of your own. But if you want to find one? Self-hosted Element instances are hard to come by, namely because no single list of all the differebt websites that have their own Ekement chat client. So you're just gonna have to know what you're looking for. So is it centralized? Pretty much, yes.
>Viber - requires a GSM number. You cannot use VoIP. So as a result I never used it.
>Discord - garbage.
>Telegram - AGAIN centralized. You do know they can see everything you do on there, right (aside from maybe two way chats or invite-only servers, which even then that app glows)
>Yahoo Answers - rest in piss. Also, fuck Yahoo.
>YouTube - censors people with their stupid fucking algorithm that they only implemented until after Charlottesville. It was first about "extremist content" on the site, but now its been taken to a new level to include literally EVERYBODY. Thanks a lot, N*zis.
>Google - See above. Also, GARBAGE!
>the Daily Stormer/The Purity Spiral/other "white nationalist" blogs and forums.
>Encyclopedia Dramatica - moderated by a literal sperg/lolcow (Umkemesik) who got trolled by some pedo who he later banned (Likeicare & Addie were the only two on that entire forum who actually knew what was going on). Actually, this website has had serious owner issues ever since Girlvinyl left, starting with Zaiger.
>Kiwi Farms - fuck Josh.
>Forums - are dead.
>anything mental health-related (like Sanctioned Suicide) - doesn't help anybody as opposed to having IRL friends (to which I have none). Generally not a good place to go due to trolls. Man, people these days. When I was depressed, what I found that helped was writing journals and the like.
>Dropbox and other file sharing sites - just learn how to seed magnet links you fucking retard.
>incel websites and other 'manosphere' forums - garbage. Also, cringe.
>columbine fanboy terrorist shit - don't get the feds knocking on your door. Avoid edgy websites and making edgy searches on Google. That's all I can tell you.
And I think that should be it (although there's probably more). Anybody got any more good ones?
>pony.townYou can make a pony and put furniture in they house and eat broom.
<any site / frontend that's just a document with forms but you need javascript for the page itself to load. Even most social media would do fine with a hydration method like how Astro does it. Fuck infinite scrolling.>neocities.orgYou can make a static site without having to set up a server first, good enough for a lot of use-cases, and a good learning tool. Self-hostable too so you can provide a similar service to friends.
<Any site that overrides right clicking with it's own shit: fbi.gov, misskey, a lot of academic software, ect…>rotatingsandwiches.comSpeen
<TorGlows even if it meant well due to naive implementation.
<CryptoGlows because it's literally made and shilled by feds. Also makes people reactionary against decentralization as a concept by being the stupidest implementation of a decentralized system imaginable. See:
>>19459>petittube.comI think YouTube or a YouTube competitor like BiliBili (I've never used BiliBili but I assume it doesn't) should just have a 'recently uploaded' page, seeing people just use the site like one would imgur gives me hope for a post-search engine internet.
<search enginesYou never needed it, and if you do it's only because other people are using it, so you have to use it to keep up with them. Drinking coffee forces your coworkers to drink coffee. Critical support for AI spam articles.
>Draw-a-boxI haven't got into it but I like the concept, gonna try it this summer.
<curseforge<modrinthPeople need to learn to do modpacks in a way that doesn't rely of some centralzed shit to work. Like just host your mods on github and make a bash script that wgets the releases.
>>19467clarify please
>center around friendsno, amerikkkans can be remarkably asocial
>center around hentaitrue for a lot of porn-addicted reactionaries (as if there's any other kind)
>>19318Stop derailing the thread with this stupid shit
TOR is still the best anonymizer out there
I2P isn't a magic pill either
>>16296>>19675change your app shortcuts in Qubes Manager to allow your disposable vms to Open File Manager.
Start your disposable by opening file manager.
use the text bar in file mangaer to navigate to home/user/.tb/tor-browser
now you can double click on "start tor browser desktop" to open tor
from tor you can save bookmarks
since you have file manager open you can send the bookmark files from your disposable to Vault or another permanent qube.
you can also import bookmarks to your disposable from Vault and then to your tor browser when you make a new disposable.
>>22284sure, but is there a reason
(a spook reason) to throttle it?
it's not like i'm being blocked from connecting to tor, i can, it's just slow as shit without a bridge
>>22286>There's been cases of ISPs banning Tor but if that happened you wouldn't be able to use it at allyeah i don't think that's it
>Maybe the relays you connected to at first are slowno, i tried like 30+ circuits and every single one was slow as shit
my speeds only went back to normal after i enabled a bridge
>>22283it could be a network-wide ddos, it happens sometimes, check the tor project's stats on the network
it could be that ur ISP just thinks ur a less important customer if you're connecting to Tor so they deprioritize ur traffic
>>22287Have you tried using bridges?
It might be your entry guard being slow. It shouldn't be, but your Tor client will keep using them if they are because they only change every few months.
five eyes glowies OUT!
StrictNodes 1
GeoIPExcludeUnknown 1
#ExcludeNodes {au}, {ca}, {gb}, {nz}, {us}
ExcludeExitNodes {au}, {ca}, {gb}, {nz}, {us}
NodeFamily {au}, {ca}, {gb}, {nz}, {us}
#UseNTorHandshake 1
PathsNeededToBuildCircuits 0.95>>22965The full list is {AU}, {CA}, {US}, {NZ}, {GB}, {DK}, {FR}, {NL}, {NO}, {BE}, {DE}, {IT}, {ES}, {SE}
Onions are hopelessly slow with this enabled though.
Top countries for Tor relays are:
Germany
United States
Netherlands
France
Finland
Poland
Canada
Switzerland
United Kingdom
Austria
https://metrics.torproject.org/rs.html#aggregate/ccThe problem is that relays are hosted where it's cheap, but those tend to be 14 eyes countries. Need more relays in Cuba and Nicaragua to make sure the glowies can't control the network.
>>23247continued.
there is also the issue of it being mainly only hosted in free and democratic western countries, it's a shame because this makes the network less useful. hosting Tor anywhere else in the world is almost certainly asking for a death sentence.
>>23250yea yea yea, but compared to the rest of the world western countries are "free" and "democratic".
good luck trying to defend LGBTQ rights in a shithole in the middle of no where.
>>16951Good post. Yes Tor is technologically sound on paper but there are many variables that should be considered if using it for something actually illegal, or for whistle-blowing in the 5 eyes. Tors purpose as far as I can tell is to enable dissidents in enemy nations to the 5 eyes. USA built it to destabilize other nations politically. Government is in very close contact with the devs and there has been instances of known vulnerabilities being kept quiet for the CIAs benefit. I would suspect the CIA/NSA has the means and political leverage in the project to de-anonymize a target they were heavily interested in, it just seems to be the logical conclusion when you start looking at all the variables. Chances are you of little interest, even less so living outside of presumably NATO(you would have your own gov to contend with though)
BUT if you were someone of a high value living in the west, I would not rely on Tor to keep you safe.
Unique IPs: 18