As you can see in the title, the topic of this post is how secure is Tor. I want to write  a brief because a lot of people especially newbies think that Tor Network hide them from Feds. Let's start:

1- How Tor Works?

Tor Network crypts your data and send to destination through 3 computers. When you want to go to a site, Tor Browser connects 3 computers one by one and sends crypted data through them to destination site's server. Only the first computer in the network knows your IP adress but it doesn't know the destination. Last computer in the network knows only destination but doesn't know your information.
either computers in the network, destination computer or ISPs are able to figure out what you are doing, where you are connecting and who you are. Great! It's all secure!
But...
The Tor Network has some weaknesses. Let's talk about them:

2- Tor Network's Weaknesses

2.a- Unsecure connection to a site

If you connect a site without SSL Certificate, last computer in your pipeline can read your http content and steal your data.

2.b- ISP Crosscheck (Very very dangerous! Be careful)

When you connect Tor Network, your ISP knows that you connected to Tor Network and your destination server knows that data request comes from Tor Network. If someone (like damn Feds.) check connection timing, amount of sent-received data he can easily figure out that the guy who connected the destination server is YOU! I have shared an example with you below.

https://www.wnycstudios.org/podcasts/otm/articles/harvard-bomb-threat

Plus %70 of tor network's computers belongs to intelligence services of particular countries like Germany, US. Tor Developers bans them when they detect but they are still there..

The brief belongs to me. Sorry for English, it is not my native language. Thank you for reading.
-blackhatresearcher

you are a glownigger kys

(April 15, 2022, 11:31 PM)blackhatresearcher Wrote: As you can see in the title, the topic of this post is how secure is Tor. I want to write  a brief because a lot of people especially newbies think that Tor Network hide them from Feds. Let's start:


1- How Tor Works?

Tor Network crypts your data and send to destination through 3 computers. When you want to go to a site, Tor Browser connects 3 computers one by one and sends crypted data through them to destination site's server. Only the first computer in the network knows your IP adress but it doesn't know the destination. Last computer in the network knows only destination but doesn't know your information.
either computers in the network, destination computer or ISPs are able to figure out what you are doing, where you are connecting and who you are. Great! It's all secure!
But...
The Tor Network has some weaknesses. Let's talk about them:

2- Tor Network's Weaknesses

2.a- Unsecure connection to a site

If you connect a site without SSL Certificate, last computer in your pipeline can read your http content and steal your data.

2.b- ISP Crosscheck (Very very dangerous! Be careful)

When you connect Tor Network, your ISP knows that you connected to Tor Network and your destination server knows that data request comes from Tor Network. If someone (like damn Feds.) check connection timing, amount of sent-received data he can easily figure out that the guy who connected the destination server is YOU! I have shared an example with you below.

https://www.wnycstudios.org/podcasts/otm/articles/harvard-bomb-threat

Plus %70 of tor network's computers belongs to intelligence services of particular countries like Germany, US. Tor Developers bans them when they detect but they are still there..

The brief belongs to me. Sorry for English, it is not my native language. Thank you for reading.
-blackhatresearcher

It's true that TOR network have some security issues. For example, there's some cases of unknown groups mounting relays for intercepting data. For the ISP crosschek you can fix it using a VPN each time you connect to TOR network. And... the SSL problem can be fixed using something like https everywhere. :)

(April 15, 2022, 11:37 PM)Holistic-K1ller Wrote:

(April 15, 2022, 11:31 PM)blackhatresearcher Wrote: As you can see in the title, the topic of this post is how secure is Tor. I want to write  a brief because a lot of people especially newbies think that Tor Network hide them from Feds. Let's start:


1- How Tor Works?

Tor Network crypts your data and send to destination through 3 computers. When you want to go to a site, Tor Browser connects 3 computers one by one and sends crypted data through them to destination site's server. Only the first computer in the network knows your IP adress but it doesn't know the destination. Last computer in the network knows only destination but doesn't know your information.
either computers in the network, destination computer or ISPs are able to figure out what you are doing, where you are connecting and who you are. Great! It's all secure!
But...
The Tor Network has some weaknesses. Let's talk about them:

2- Tor Network's Weaknesses

2.a- Unsecure connection to a site

If you connect a site without SSL Certificate, last computer in your pipeline can read your http content and steal your data.

2.b- ISP Crosscheck (Very very dangerous! Be careful)

When you connect Tor Network, your ISP knows that you connected to Tor Network and your destination server knows that data request comes from Tor Network. If someone (like damn Feds.) check connection timing, amount of sent-received data he can easily figure out that the guy who connected the destination server is YOU! I have shared an example with you below.

https://www.wnycstudios.org/podcasts/otm/articles/harvard-bomb-threat

Plus %70 of tor network's computers belongs to intelligence services of particular countries like Germany, US. Tor Developers bans them when they detect but they are still there..

The brief belongs to me. Sorry for English, it is not my native language. Thank you for reading.
-blackhatresearcher

It's true that TOR network have some security issues. For example, there's some cases of unknown groups mounting relays for intercepting data. For the ISP crosschek you can fix it using a VPN each time you connect to TOR network. And... the SSL problem can be fixed using something like https everywhere. :)

Yes. We can use VPN but if they got VPN's ISP data and VPN logs our connection, they can find us. I prefer to use VPN but I'm not still %100 in safe :/ . If i hurt a country badly, they can find me  :dodgy: You right, https is mandatory for a man who does bad things :)

(April 15, 2022, 11:31 PM)blackhatresearcher Wrote: https://www.wnycstudios.org/podcasts/otm/articles/harvard-bomb-threat

He was the only guy on campus internet using Tor the exact time a bomb threat was made. VPN on entry/Bridge/different network solves this.
If he had shut his fucking mouth he could've claimed it was a coincidence and probably gotten away with it (he instantly confessed).

(April 16, 2022, 12:33 AM)tty Wrote:

(April 15, 2022, 11:31 PM)blackhatresearcher Wrote: https://www.wnycstudios.org/podcasts/otm/articles/harvard-bomb-threat

He was the only guy on campus internet using Tor the exact time a bomb threat was made. VPN on entry/Bridge/different network solves this.
If he had shut his fucking mouth he could've claimed it was a coincidence and probably gotten away with it (he instantly confessed).

Yes, if he was silent, anyone could blame him but probably he defeated by his fear. Using VPN is a solution but it can't make us %100 anonymous. ISP Crosscheck is valid for Our PC - VPN - TOR - Destination network..

Time to debunk majority of what you've written here.

1 - It's not always 3 relays. For example, I am currently connected to the .onion I have 6 relays, so fuck you.

2 - If I am on an .onion, the SSL certificate is not necessary as the entire connection is end to end encrypted. Majority of websites these days have an SSL certificate, and the browser warns you at the top if it doesn't. This threat is also mitigated by the fact that most certs are signed by a root CA that's in your system's root store.

3 - You can configure Tor to use specific types of entry and exit nodes. I can for instance tell it that I only want nodes located in Country X. You can also configure it to use nodes with a specific age, etc. Read how to configure torrc file, then make this assertion.

As for the ISP correlation, it doesn't matter if they aren't monitoring both ends. In the case with me using breached onion, they don't know where the hidden service true location is, so a correlation attack is unlikely. Not to mention it's costly to do so 24/7 from a Federal agency perspective and it is only done to people in which they don't have much time to response, like a bomb hoax.

With the article you linked, the ISP was the student's own University network for both the target and client. You don't have to be a genius network engineer to figure out that both the users using Tor on the network and the received message are on and from the same subnet.

Tor is an invaluable tool and only feds try to dissuade anyone from using it. Is it perfect? No, but it's definitely better than any of the shit so called "bullet proof" VPS providers most people (I assume you included) use.

(April 16, 2022, 04:10 AM)penis Wrote: Time to debunk majority of what you've written here.

1 - It's not always 3 relays. For example, I am currently connected to the .onion I have 6 relays, so fuck you.

2 - If I am on an .onion, the SSL certificate is not necessary as the entire connection is end to end encrypted. Majority of websites these days have an SSL certificate, and the browser warns you at the top if it doesn't. This threat is also mitigated by the fact that most certs are signed by a root CA that's in your system's root store.

3 - You can configure Tor to use specific types of entry and exit nodes. I can for instance tell it that I only want nodes located in Country X. You can also configure it to use nodes with a specific age, etc. Read how to configure torrc file, then make this assertion.

As for the ISP correlation, it doesn't matter if they aren't monitoring both ends. In the case with me using breached onion, they don't know where the hidden service true location is, so a correlation attack is unlikely. Not to mention it's costly to do so 24/7 from a Federal agency perspective and it is only done to people in which they don't have much time to response, like a bomb hoax.

With the article you linked, the ISP was the student's own University network for both the target and client. You don't have to be a genius network engineer to figure out that both the users using Tor on the network and the received message are on and from the same subnet.

Tor is an invaluable tool and only feds try to dissuade anyone from using it. Is it perfect? No, but it's definitely better than any of the shit so called "bullet proof" VPS providers most people (I assume you included) use.

ooo roasted!!!! @blackhatresearcher personally if i was you i wouldn't let someone talk to me like that hes basically calling you a retarted fuck!
blac

I think it's safe to say (lol) that nothing is actually truly safe....

(April 16, 2022, 01:57 PM)Dredgen Sun Wrote: I think it's safe to say (lol) that nothing is actually truly safe....

As long as you dont fuck with big USA companies vpn/tor is your best friend.
Once you go againts Uncle Sam, nothing is safe