Consider only accessing this kind of community from the "darkweb"

[Nils]

I don't really have time to link things, nor do I think this is that big of a deal, but as for me I'm on Tor for sure. I did provide words and phrases for you to look up on your own.

And there are sites where people have been visited by the authorities and I wont be confirming which ones they are.

I have really important information and make bold claims but don't have time to provide any evidence for you.



The simple fact is that if talking about illegal activity was all it took to get a knock on your door then many people on this and other sites would have been arrested and you wouldn't have to search for articles proving it because it would be all over every newspaper in the country because people do this all day every day. And people do MUCH more than simply write text. Have you seen the pictures and videos from members of many marijuana grow sites? The Patriot Act was signed into law over a decade ago. I think they would have been on it by now. If you feel the need for extra security, by all means go for it. Just don't tell me my First Amendment is gone when I see it being used every day.

 

[jimm]

whaaaat?

Dude they easily inject the little lock icon or whatever plus it still reads https..

The tools make it all seemless, you dont even have to re-approve the certificate like happened in the early versions..

You cannot tell..

I'm just seeing this now but let me get this slight misunderstanding out of the way.

This kind of attack is in essence a man-in-the-middle attack by ARP spoofing:
1) The attacker makes your computer think that they are the destination of all your internet traffic (ARP spoofing)
2) The attacker makes the HTTPS connection to the DMT-Nexus server.
3) The attacker relays the traffic from and to the DMT-Nexus server to you via an unsecured line (HTTP, so without the S).

So what happens with this attack is the following:

YOU <- HTTP -> ATTACKER <- HTTPS -> DMT-Nexus server

This way the attacker can read your unencrypted traffic from and to the DMT-Nexus server.

As you probably already have guessed, the solution to prevent this kind of attack is rather simple: check if you are connecting to the DMT-Nexus via HTTPS!

If HTTPS is showing then your line is secure. With HTTPS your ISP can still see that you connect to the DMT-Nexus server but they cannot see what threads you read and which posts you make.


Kind regards,

The Traveler

 

[The Traveler]

whaaaat?

Dude they easily inject the little lock icon or whatever plus it still reads https..

The tools make it all seemless, you dont even have to re-approve the certificate like happened in the early versions..

You cannot tell..

The lock icon is just the favicon. Exploits like that are the main reason why the favicon is not shown anymore in the address bar in Chrome for example .

And no, you will see HTTP and not HTTPS. Please look more into this if you want to make certain claims.


Kind regards,

The Traveler

 

[Mr.Peabody]

^^^ Why do you think it puts one at higher risk? People use Tor for other purposes besides activities contrary to law (although nothing here is illegal, since for the moment we still have free speech), so I don't think Tor sends off a beacon. I could be wrong.

And how can it be tracked?

I'm not trying to be argumentative or contrary, I am honestly interested. I don't know a lot of how these things work. I do know, no matter what any one does to stop people with software from doing something, there's always a way around it. The only way to beat hacker type activities is to be one step ahead.

 

[nen888]

..the so called 'darkweb' tor system is not 100% secure!

the operators of at least one darkweb sale or trade drug site were all tracked and taken to court..

make Your Life secure..then you don't have to fuss so much..
.

 

[Shaolin]

TFM bust (or LulzSec & Anonymous arrests) happened due to other reasons rather than the (in)security of the Tor network.

 

[jimm]

Sorry, I don't test with Chrome because I don't use things with such TOS.
Firefox doesn't have these colors.

The lock icon is just the favicon. Exploits like that are the main reason why the favicon is not shown anymore in the address bar in Chrome for example .

And no, you will see HTTP and not HTTPS. Please look more into this if you want to make certain claims.


Kind regards,

The Traveler

 

[The Traveler]

Sorry, I don't test with Chrome because I don't use things with such TOS.
Firefox doesn't have these colors.

The lock icon is just the favicon. Exploits like that are the main reason why the favicon is not shown anymore in the address bar in Chrome for example .

And no, you will see HTTP and not HTTPS. Please look more into this if you want to make certain claims.


Kind regards,

The Traveler

I colored the HTTP and HTTPS to make the difference more clear, I'm sorry if that caused a misunderstanding.

In FireFox you will also see that the site still uses HTTP with this attack (again, just colored here to make the difference more clear).


Kind regards,

The Traveler

 

[DisEmboDied]

For those who do not know yet, one can download Tor to browse the internet safely:

The Tor Project | Privacy & Freedom Online

Defend yourself against tracking and surveillance. Circumvent censorship.

www.torproject.org

This will be old news to some, but brand new awesome news for others.

BUT, read up on the ways in which Tor is not safe, certain precautions and things must be done to stay safe and anonymous, such as not going to certain sites, etc.

Enjoy!

 

[The Traveler]

For those who do not know yet, one can download Tor to browse the internet safely:

The Tor Project | Privacy & Freedom Online

Defend yourself against tracking and surveillance. Circumvent censorship.

www.torproject.org

Uhm, did you actually READ the first post in this thread??? :?:


Kind regards,

The Traveler

 

[a1pha]

Uhm, did you actually READ the first post in this thread??? :?:

Forgive me, he started a new thread on the subject of Tor. In the interest of keeping the forum clean I moved it here.

 

[Untm]

:?

 

[The Traveler]

Uhm, did you actually READ the first post in this thread??? :?:

Forgive me, he started a new thread on the subject of Tor. In the interest of keeping the forum clean I moved it here.

Ah, that explains it.

Thank you for making this clear a1pha and sorry for me quick assumption DisEmbodied.


Kind regards,

The Traveler

 

[a1pha]

Am I just being ignorant, or are others being overly paranoid?

Guess who the target is on these days: users of anon networks.

Interesting development:

Use of Tor and e-mail crypto could increase chances that NSA keeps your data

While the documents make clear that data collection and interception must cease immediately once it's determined a target is within the US, they still provide analysts with a fair amount of leeway. And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown—which more often than not is the case when someone uses anonymity software from the Tor Project—"will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person," the secret document stated.

Procedures used by NSA to minimize data collection from US persons: Exhibit B – full document

 

[Mitakuye Oyasin]

All of this info has my head swimming. I've used HMA as a VPN but have recently heard that this one in particular is NOT good. Any good VPN suggestions for someone in the US? Thanks!

 

[Red Eclipse]

If you have not already, I would take a quick glance at this 2008 32-slide presentation. Note this is 2008 capabilities, pre-megalith data center era.

Training materials for the XKeysc0re program detail how analysts can use it and other systems to mine enormous agency databases and develop intelligence from the web:

"Performs strong (e.g. email) and soft (content) selection." pg 2
"Provides real-time target activity." pg 2
"Show me all the VPN startups in country X, and give me the data so I can decrypt and discover the users" pg 17
"Show me all the exploitable machines in country X" pg 24

"How do I find a strong-selector for a known target"
"How do I find a cell of terrorists that has no connection to known strong-selectors"
"Answer: Look for anomalous events:
E.g. Someone whose language is out of place for the region they are in
Someone who is using encryption (emphasis mine)
Someone searching the web for suspicious stuff"

XKeyscore presentation from 2008 – read in full

Training materials for the NSA's XKeyscore program detail how analysts can use it and other systems to mine enormous agency databases and develop intelligence from the internet

www.theguardian.com

 

[Tengukashi]

You guys do realize that most of the nodes on the Onion network are most likely compromised and watched, right? This goes for most other layers of security as well. A well-funded organization like the US gov has outstanding penetration software and access to most ISPs as well. They are way far ahead of us...

 

[Tengukashi]

However, my friends...this should not stop you from disseminating information. Not at all. VPNs are still quite powerful methods of anonymity (for now), as are FOSS firewalls. We also have the power of free speech...for now. When that is taken, action against it must be as well. But until then, spread info as much as possible. It is the highest ethical purpose.

 

[shanedudddy2]

The freedom to speak is a bit meaningless when nobody listens