> I see this questioned regularly, and yeah it is generally a good idea. If you have a VPN provider that you trust to not keep logs, it can be a very good addition for your security setup.
Therein lies the problem. You can't trust VPN providers.
IMHO Even thought the provider would log it is still better than not using one in a lot of cases. If whoever can see my VPN address, he would otherwise see my real address directly.
In that way he has to find a way to get the VPN provider to give out my real address. What might be possible with a lot, but for sure not with all of them.
Also think countries, my country does barely have any contracts with other countries for crimes like this. So they would have to use a complicated way to actually force them to give out my data.
In most situations we are already way over the realistic damage done in forms of costs to catch the individual.
Cryptostorm are a decent VPN as they claim no logs are kept, however even if this is not accurate, their payment/token system allows you to access the service without linking it to you via a payment mechanism. To further cloud things you can pay with Bitcoin.
>> Therein lies the problem. You can't trust VPN providers.
Your link is borderline nonsense.
The only real evidence they give about not using VPN's is when hidemyass proxy gave up some Anon's in 2011. However, it very clearly states in the hidemyass TOS that their service is not to be used in illegal activity, which is exactly what the hackers who they gave up were doing. They only gave up the information after receiving a court order, even though they had seen the hackers in chats saying they used their service, at which point they did nothing until the government stepped in.
While the advice is okay, the title is a huge turn off. There is no such thing as the Darknet. Please stop referring to the TOR network this way. It is harmful to the community and encourages journalists to write about TOR in a negative way!
I have a negative view of the Tor network, actually the name I use is indeed Darknet (or Deep Web).
My take is that it is valuable to use Tor to (try at least) to escape companies tracking and government spying.
But to visit any website only available on Tor network is not worth any effort on my part, as I have no doubt (currently) that it is all about illegal porn or illegal drugs and sinister scams.
Anyone care to give some counter argument to why this Tor Network deserves a positive light?
I've always taken darknet to mean a network physically separate from the Internet, like a wireless mesh or something along those lines. However it's definitely changed in usage to mean any network that's not part of the public internet, even if it's layered on top of it, freenet, tor, ipfs even.
i mostly agree. and even spend some actual thought on it. the point is there are good guides for tor, those work perfectly well for people with basic IT understanding.
I tried to target my keywords to people who miss that understanding. People coming directly from YouTube having no idea what it is all about. Those search for the darkweb.
Nation state agencies just go to upstream providers and grab traffic metadata there, your VPS/VPN not keeping logs won't help against a targeted investigation. Even just downloading Tor or Tails gets your IP "task queued" according to Snowden leaks.
You would want to both obtain and use Tor nowhere near your meatspace identity, pref with different hardware than you usually use, and leave your phone at home if protection from tracking is your highest priority.
Most countries can barely force any other country to give out consumer data from local companies. If you do not live in a five eyes state we can safely assume that nobody will target you that way for Tor browsing.
Accessing Tor "safely" is something over and above accessing the normal internet safely. Advice like "don't open PDFs" isn't very helpful. Nor is "don't use javascript" or "don't log into social media." Such inactions don't help you access anything safely, they help you not access things in the first place.
(1) Use a secure OS. Unless you are security guru, that should be some flavour of linux. A liveUSB of Tails is pretty idiot proof. It worked for Snowden.
(2) Don't run any web browser, tor or otherwise, under any sort of elevated privilege (ie not while admin).
(3) Understand how to verify a website's certificates. You can indeed log into social media safely via tor (ie your password won't be harvested by the exit node) if you know how to verify the website.
(4) Don't take anonymity casually. Understand why you are using Tor, what you are protecting, who your adversary is, and develop relevant procedures. Don't rely on easy checklists you find at Tor-for-Dummies.com.
> Use a secure OS... A liveUSB of Tails is pretty idiot proof.
That implies Tails is very secure. Why is that? Is it because it has never been hacked before or has Tails been shown to be virtually hacker-proof? As someone non-technical I might be misunderstanding something. If so, can you clarify that?
Microsoft backported a lot of the logging and tracking to Windows 7 and 8 as well. Not all of it, but enough to consider any computer running fully updated Windows to be user-privacy compromised.
Lots of things leak information in ways that aren't considered and infection. Tools used to administer corporate infrastructure, for instance. Windows 10 might fit in that category too.
If anyone is interested, we (www.secfirst.org) just launched an Android open source app called Umbrella, which has lessons like this, along with a ton of other digital and physical security stuff. Everything from secure email to dealing with kidnap:
This article has several mistakes and typos. I find it actually hard to enjoy reading it, and it also seems very superficial. Am I the only one to feel this way?
Thank you for this feedback. I usually dont write, it is just a topic where i felt that could need some noob friendly coverage and just started writing. If i even proceed i will look into someone that proof reads my blabber. It is also not my first language.
> The SOCKS server does not interpret the network traffic between client and server in any way, and is often used because clients are behind a firewall and are not permitted to establish TCP connections to servers outside the firewall unless they do it through the SOCKS server.
This is a very poor answer and, while I'm pretty sure that you're just trolling, Tor is important enough that your 'claim' really needs to be rebutted.
Consider a service like SecureDrop. Armed with SecureDrop, journalists and dissidents/whistleblowers can communicate in a more secure way.
Or, consider a publication like Propublica. They set up a hidden service so that they could talk about censorship in China...and hopefully allow Chinese citizens to read it without ending up in serious legal trouble.
Statements like yours are the problem and I seriously hope that you take the time to educate yourself. Ignorance may be funny to you, but it makes it more dangerous for legitimate activists and journalists to use Tor.
[+] [-] sarciszewski|10 years ago|reply
Therein lies the problem. You can't trust VPN providers.
https://gist.github.com/joepie91/5a9909939e6ce7d09e29
[+] [-] warmlagoon|10 years ago|reply
In that way he has to find a way to get the VPN provider to give out my real address. What might be possible with a lot, but for sure not with all of them.
Also think countries, my country does barely have any contracts with other countries for crimes like this. So they would have to use a complicated way to actually force them to give out my data.
In most situations we are already way over the realistic damage done in forms of costs to catch the individual.
[+] [-] celticninja|10 years ago|reply
[+] [-] samstave|10 years ago|reply
[+] [-] necessity|10 years ago|reply
[+] [-] at-fates-hands|10 years ago|reply
Your link is borderline nonsense.
The only real evidence they give about not using VPN's is when hidemyass proxy gave up some Anon's in 2011. However, it very clearly states in the hidemyass TOS that their service is not to be used in illegal activity, which is exactly what the hackers who they gave up were doing. They only gave up the information after receiving a court order, even though they had seen the hackers in chats saying they used their service, at which point they did nothing until the government stepped in.
http://www.theregister.co.uk/2011/09/26/hidemyass_lulzsec_co...
[+] [-] tasqa|10 years ago|reply
[+] [-] soneca|10 years ago|reply
My take is that it is valuable to use Tor to (try at least) to escape companies tracking and government spying.
But to visit any website only available on Tor network is not worth any effort on my part, as I have no doubt (currently) that it is all about illegal porn or illegal drugs and sinister scams.
Anyone care to give some counter argument to why this Tor Network deserves a positive light?
[+] [-] aw3c2|10 years ago|reply
[+] [-] Tiksi|10 years ago|reply
[+] [-] TazeTSchnitzel|10 years ago|reply
[+] [-] herbst|10 years ago|reply
I tried to target my keywords to people who miss that understanding. People coming directly from YouTube having no idea what it is all about. Those search for the darkweb.
Anyway. Kudos on pointing this out.
[+] [-] CptThrowawy|10 years ago|reply
You would want to both obtain and use Tor nowhere near your meatspace identity, pref with different hardware than you usually use, and leave your phone at home if protection from tracking is your highest priority.
[+] [-] herbst|10 years ago|reply
Most countries can barely force any other country to give out consumer data from local companies. If you do not live in a five eyes state we can safely assume that nobody will target you that way for Tor browsing.
[+] [-] zlatan_todoric|10 years ago|reply
https://www.whonix.org/wiki/Qubes
[+] [-] etiam|10 years ago|reply
[+] [-] sandworm101|10 years ago|reply
(1) Use a secure OS. Unless you are security guru, that should be some flavour of linux. A liveUSB of Tails is pretty idiot proof. It worked for Snowden.
(2) Don't run any web browser, tor or otherwise, under any sort of elevated privilege (ie not while admin).
(3) Understand how to verify a website's certificates. You can indeed log into social media safely via tor (ie your password won't be harvested by the exit node) if you know how to verify the website.
(4) Don't take anonymity casually. Understand why you are using Tor, what you are protecting, who your adversary is, and develop relevant procedures. Don't rely on easy checklists you find at Tor-for-Dummies.com.
[+] [-] birdperson|10 years ago|reply
That implies Tails is very secure. Why is that? Is it because it has never been hacked before or has Tails been shown to be virtually hacker-proof? As someone non-technical I might be misunderstanding something. If so, can you clarify that?
Thanks.
[+] [-] Havoc|10 years ago|reply
"otherwise"? Is that code for has Windows 10 written on the box?
[+] [-] zanny|10 years ago|reply
[+] [-] TallGuyShort|10 years ago|reply
[+] [-] secfirstmd|10 years ago|reply
https://play.google.com/store/apps/details?id=org.secfirst.u...
[+] [-] vjvj|10 years ago|reply
[+] [-] Sir_Cmpwn|10 years ago|reply
[+] [-] esMazer|10 years ago|reply
[+] [-] simonebrunozzi|10 years ago|reply
[+] [-] herbst|10 years ago|reply
(i am actually even surprised about the interest)
[+] [-] megraf|10 years ago|reply
> The SOCKS server does not interpret the network traffic between client and server in any way, and is often used because clients are behind a firewall and are not permitted to establish TCP connections to servers outside the firewall unless they do it through the SOCKS server.
[+] [-] kauegimenes|10 years ago|reply
[+] [-] sidcool|10 years ago|reply
[+] [-] leoplct|10 years ago|reply
[+] [-] hluska|10 years ago|reply
Consider a service like SecureDrop. Armed with SecureDrop, journalists and dissidents/whistleblowers can communicate in a more secure way.
Or, consider a publication like Propublica. They set up a hidden service so that they could talk about censorship in China...and hopefully allow Chinese citizens to read it without ending up in serious legal trouble.
Statements like yours are the problem and I seriously hope that you take the time to educate yourself. Ignorance may be funny to you, but it makes it more dangerous for legitimate activists and journalists to use Tor.
[+] [-] nvrsummer|10 years ago|reply
[+] [-] node_gt_go|10 years ago|reply