Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[Solved] Questions about Tor
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 552

PostPosted: Tue Jan 29, 2019 5:17 pm    Post subject: [Solved] Questions about Tor Reply with quote

Hello, i have just questions about Tor.
I don't would like to go into dark net. Just use it to anonymate my connection. Is it possible to use it only for that (not with tor brower) ?
And i have seen into website mozilla firefox integrate tor functionnalities. Do you know good tutorial or documentation to add tor functionnalities ? (i would like to use firefox, not tor browser)

And tor-hardening use flag is it just for vanilla packages ? Or usable ?


Last edited by Fulgurance on Sat Feb 02, 2019 11:17 pm; edited 1 time in total
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 6957
Location: Saint Amant, Acadiana

PostPosted: Tue Jan 29, 2019 5:59 pm    Post subject: Reply with quote

There are no free dinners. You want to use other peoples resources you have to allow them to use yours. I personally prefer paid VPN.
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
Muso
l33t
l33t


Joined: 22 Oct 2002
Posts: 968
Location: The Holy city of Honolulu

PostPosted: Wed Jan 30, 2019 3:38 am    Post subject: Reply with quote

You can use proxychains via tor.
_________________
Time is a great teacher, but unfortunately it kills all its pupils.
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2511

PostPosted: Wed Jan 30, 2019 5:22 am    Post subject: Reply with quote

Full disclosure, I tried tor once to see what it was about, and that's it. But I've done some reading.

If you go through the tor network and browse, they (allegedly) can't see your correct IP address on the other side, nor can anyone in the middle except your real ISP, and whoever has hooks into that. Maybe your government?

But the thing is, the tor browser was made specifically to eliminate as much risk as possible of someone tracing back to you in other ways.

If you use Firefox, and you go to example.com, and there are cookies or some other fingerprint by which they can identify you, you've been identified. If you go to gmail and login, they know who you are. Google, gmail, youtube, any one of the sites in that corporate family all share data. Once you're tagged all that work of going through tor is irrelevant.

I'm 100% sure that the same can be said for other sites of a common parentage. Google is just a favorite example of a company that likes to look over your shoulder, and which is frequently subpoenaed for legal proof of someone's interest in a person, place or thing.

If I actually cared what my government thought of the websites I visit I may have put more effort into learning about tor, but I can't really say I care enough to bother.
Back to top
View user's profile Send private message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3646
Location: Hamburg

PostPosted: Wed Jan 30, 2019 8:31 am    Post subject: Reply with quote

The Tor Browser is based on Firefox.
Run https://tails.boum.org in a virtual machine if you need more anonymity.
Finally anonymity != dark net - the former is a technical thing, the later a social one.

Just my 2ct.
Back to top
View user's profile Send private message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 552

PostPosted: Wed Jan 30, 2019 9:27 am    Post subject: Reply with quote

And, little question. I think Tor only is not sufficient, is it recommanded to add VPN ? (i think tor isn't VPN)
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2511

PostPosted: Wed Jan 30, 2019 3:33 pm    Post subject: Reply with quote

https://www.torproject.org/about/overview.html.en

Tor does what a VPN does, only supposedly better since it makes multiple hops from point to point.
Back to top
View user's profile Send private message
Fitzcarraldo
Veteran
Veteran


Joined: 30 Aug 2008
Posts: 1629
Location: United Kingdom

PostPosted: Wed Jan 30, 2019 3:51 pm    Post subject: Reply with quote

These two pages seem to have a good comparison between the differences, and the pros and cons:

Differences between using Tor browser and VPN

Tor vs. VPN - What are the differences between the two
_________________
Clevo W230SS: amd64 OpenRC elogind nvidia-drivers & xf86-video-intel.
Compal NBLB2: ~amd64 OpenRC elogind xf86-video-ati. Dual boot Win 7 Pro 64-bit.
KDE on both.

Fitzcarraldo's blog
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2511

PostPosted: Wed Jan 30, 2019 5:38 pm    Post subject: Reply with quote

Fitzcarraldo wrote:
These two pages seem to have a good comparison between the differences, and the pros and cons:

Differences between using Tor browser and VPN

Tor vs. VPN - What are the differences between the two


Very nice!

Neither actually focuses on the real issue with both approaches though: If you ever connected to your destination site or one of its siblings with the browser you're using, then there can be a cookie/token which can be retrieved from the destination server, and they can know who you are. They can use logs from your connection on the open Internet to get your physical location.

Cookies and such are categorized by the site which creates them. Your browser does not care if the cookie was set over the open Internet and then retrieved through TOR, but if you're going through the effort to use TOR then you most likely care about those things a lot.

Likewise automatically filled out forms, security credentials and whatever else saved by your browser can undo everything you were hoping for by using TOR in the first place.

Sorry I said all this earlier, but this point is important. By the time you get to the destination site, there's really no difference between using a VPN or TOR, or going straight there. The only thing that really changes is where your apparent IP address is, and how easily your network packets can be backtracked to their origin. The payload can be seen at the remote site, decrypted. If you have compromising information there, and somebody you don't like is watching, then they know who you are and what you did.
Back to top
View user's profile Send private message
The Doctor
Moderator
Moderator


Joined: 27 Jul 2010
Posts: 2546

PostPosted: Wed Jan 30, 2019 9:46 pm    Post subject: Reply with quote

1clue wrote:
The only thing that really changes is where your apparent IP address is, and how easily your network packets can be backtracked to their origin.
In other words, if you want to do anything requiring a log in, use your browser for tor and non tor traffic, etc. then it makes no difference. One big warning with tor is not to use it for anything involving money as there is a real risk of it being stolen.

Although if you have a specific browser for viewing "cute cat pictures" then it may offer some benefit.
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2511

PostPosted: Wed Jan 30, 2019 10:28 pm    Post subject: Reply with quote

The Doctor wrote:
1clue wrote:
The only thing that really changes is where your apparent IP address is, and how easily your network packets can be backtracked to their origin.
In other words, if you want to do anything requiring a log in, use your browser for tor and non tor traffic, etc. then it makes no difference. One big warning with tor is not to use it for anything involving money as there is a real risk of it being stolen.

Although if you have a specific browser for viewing "cute cat pictures" then it may offer some benefit.


Not exactly.

If you're going to use TOR then you may want to consider a completely separate Linux account, and create brand new accounts on whatever sites you need to login to, but avoid logging in if at all possible. And never create an account which links to something that can be traced back to you.

Just thing about the crap that shows up in ads after you google something. Or if you have an Alexa or any other device with voice commands, notice how your ads tend to follow what you talked about whether you used a deliberate voice command or not.

I think it would be insanely hard to keep the accounts separate, especially if you're doing it for a long time.
Back to top
View user's profile Send private message
Fitzcarraldo
Veteran
Veteran


Joined: 30 Aug 2008
Posts: 1629
Location: United Kingdom

PostPosted: Wed Jan 30, 2019 11:16 pm    Post subject: Reply with quote

I've read that Snowden used Tor Browser running in Tails booted from a LiveCD.

Putting aside so-called 'supercookies' and 'evercookies', the problem is that canvas fingerprinting means you can be tracked without the tracker knowing and storing your IP address (or other location identifier) or machine identifier (the Tor network hides your IP address from the visited Website or third-party server) and without needing to store anything on your machine (unlike cookies). Advertisers or other nefarious sites/servers can share your fingerprint with other sites/servers and they will know it is you who is browsing. If you revisit a site it will know it is you again. Here are a few results using the EFF's Panopticlick 3.0 tracking tester on the machine I'm using at the moment (I have omitted the full results, for privacy reasons):

Firefox 65.0 with Privacy Badger, Disconnect and DuckDuckGo Privacy Essentials installed

Quote:
Is your browser blocking tracking ads?
✓ yes

Is your browser blocking invisible trackers?
✓ yes

Does your blocker stop trackers that are included in the so-called “acceptable ads” whitelist?
✓ yes

Does your browser unblock 3rd parties that promise to honor Do Not Track?
✗ no

Does your browser protect from fingerprinting?
✗ your browser has a unique fingerprint

Note: because tracking techniques are complex, subtle, and constantly evolving, Panopticlick does not measure all forms of tracking and protection.

Your browser fingerprint appears to be unique among the 152,027 tested in the past 45 days.

Currently, we estimate that your browser has a fingerprint that conveys at least 17.21 bits of identifying information.


Firefox 65.0 Private Window with Privacy Badger, Disconnect and DuckDuckGo Privacy Essentials installed

Quote:
Is your browser blocking tracking ads?
✓ yes

Is your browser blocking invisible trackers?
✓ yes

Does your blocker stop trackers that are included in the so-called “acceptable ads” whitelist?
✓ yes

Does your browser unblock 3rd parties that promise to honor Do Not Track?
✗ no

Does your browser protect from fingerprinting?
✗ your browser has a nearly-unique fingerprint

Note: because tracking techniques are complex, subtle, and constantly evolving, Panopticlick does not measure all forms of tracking and protection.

Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 76033.0 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 16.21 bits of identifying information.


Tor Browser 8.0.5 (based on Mozilla Firefox 60.5.0esr) Standard Security Level; Tracking Protection Always; Do Not Track Always; Privacy Badger installed

Quote:
Is your browser blocking tracking ads?
⚠ partial protection

Is your browser blocking invisible trackers?
⚠ partial protection

Does your blocker stop trackers that are included in the so-called “acceptable ads” whitelist?
✓ yes

Does your browser unblock 3rd parties that promise to honor Do Not Track?
✗ no

Does your browser protect from fingerprinting?
⚠ partial protection

Note: because tracking techniques are complex, subtle, and constantly evolving, Panopticlick does not measure all forms of tracking and protection.

Within our dataset of several hundred thousand visitors tested in the past 45 days, only one in 3380.53 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 11.72 bits of identifying information.

_________________
Clevo W230SS: amd64 OpenRC elogind nvidia-drivers & xf86-video-intel.
Compal NBLB2: ~amd64 OpenRC elogind xf86-video-ati. Dual boot Win 7 Pro 64-bit.
KDE on both.

Fitzcarraldo's blog
Back to top
View user's profile Send private message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 552

PostPosted: Thu Jan 31, 2019 11:27 pm    Post subject: Reply with quote

I have successfully configured firefox to use Tor. Now, i have buy nordvpn subscription. How can i configure tor to use nordvpn VPN ? On torrc file ? And how ?
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2511

PostPosted: Fri Feb 01, 2019 5:40 am    Post subject: Reply with quote

I would think that if your VPN is configured correctly, you would already be using it. Your default route should point through the VPN tun/tap device, whatever public IP that's using.
Back to top
View user's profile Send private message
Syl20
Guru
Guru


Joined: 04 Aug 2005
Posts: 545
Location: France

PostPosted: Fri Feb 01, 2019 8:51 am    Post subject: Reply with quote

Fitzcarraldo wrote:
the problem is that canvas fingerprinting means you can be tracked without the tracker knowing and storing your IP address (or other location identifier) or machine identifier (the Tor network hides your IP address from the visited Website or third-party server) and without needing to store anything on your machine (unlike cookies).

This tracking technique can be avoided, by using CanvasBlocker, for example. But it probably isn't as effective as Tor.
Back to top
View user's profile Send private message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 552

PostPosted: Fri Feb 01, 2019 9:54 am    Post subject: Reply with quote

Sorry if ask you again, but i don't have success to use my new VPN with openvpn.

I have following this tutorial: https://nordvpn.com/fr/tutorials/linux/openvpn/
It's official tutorial for Linux. I have following graphical tutorial part, but when i click on my VPN on networkmanager to connect to my VPN, no error and no connection. Nothing...

Code:
fulgurance@msi-gs73vr-6rf ~ % eix openvpn
* app-crypt/openvpn-blacklist
     Available versions:  (~)0.4-r1 (~)0.5 {PYTHON_TARGETS="python2_7"}
     Homepage:            http://packages.debian.org/sid/openvpn-blacklist
     Description:         Detection of weak openvpn keys produced by certain debian versions in 2006-2008

* app-metrics/openvpn_exporter
     Available versions:  (~)0.2.1
     Homepage:            https://github.com/kumina/openvpn_exporter
     Description:         Prometheus Exporter for OpenVPN

* net-analyzer/nagios-icinga-openvpn
     Available versions:  (~)0.0.1 {PYTHON_TARGETS="python2_7 python3_4 python3_5 python3_6"}
     Homepage:            https://github.com/liquidat/nagios-icinga-openvpn
     Description:         A Nagios plugin to check whether an OpenVPN server is alive

[I] net-misc/networkmanager-openvpn
     Available versions:  1.8.8 {gtk test}
     Installed versions:  1.8.8(00:56:48 01/02/2019)(-gtk -test)
     Homepage:            https://wiki.gnome.org/Projects/NetworkManager
     Description:         NetworkManager OpenVPN plugin

[I] net-vpn/openvpn
     Available versions:  2.4.6 **9999 {down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam pkcs11 +plugins selinux +ssl static systemd test KERNEL="linux" USERLAND="BSD"}
     Installed versions:  2.4.6(00:56:32 01/02/2019)(lzo pam plugins selinux ssl -down-root -examples -inotify -iproute2 -libressl -lz4 -mbedtls -pkcs11 -static -systemd -test KERNEL="linux" USERLAND="-BSD")
     Homepage:            https://openvpn.net/
     Description:         Robust and highly flexible tunneling application compatible with many OSes

[I] sec-policy/selinux-openvpn
     Available versions:  2.20180114-r1 2.20180114-r2 (~)2.20180114-r3 2.20180701-r1 (~)2.20180701-r2 **9999
     Installed versions:  2.20180701-r2(00:55:49 01/02/2019)
     Homepage:            https://wiki.gentoo.org/wiki/Project:SELinux
     Description:         SELinux policy for openvpn

Found 6 matches
fulgurance@msi-gs73vr-6rf ~ % eix ca-certificates 
[I] app-misc/ca-certificates
     Available versions:  20180409.3.37 {cacert}
     Installed versions:  20180409.3.37(13:04:19 11/01/2019)(-cacert)
     Homepage:            https://packages.debian.org/sid/ca-certificates
     Description:         Common CA Certificates PEM files


Problem with not set use flag ?

(Actually, i have disabled Tor to test it)
Back to top
View user's profile Send private message
Fulgurance
Guru
Guru


Joined: 15 Feb 2017
Posts: 552

PostPosted: Sat Feb 02, 2019 11:18 pm    Post subject: Reply with quote

Problem solved, i have just forget to active specific kernel features :D

And for my VPN, it's solved, because they have server with TOR. I haven't any utility to use tor on my laptop.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum