To view the list of links, please access this site using Tor Browser.
If you’re seeing this message, access is restricted for regular browsers.
Already using Tor? If you are sure you’re currently in Tor Browser, proceed to our .onion version:
Tor is primarily intended for allowing you to browse ordinary websites anonymously, and only about 3% of Tor traffic is to onion sites.
☛ Tor is a humanitarian project enabling people in restricted and censored parts of the world to read the news published by others countries and connect with friends and family because their country has forbidden freedoms to engage with the outside world.
☛ → If you read the original Tor specification, "onion sites" are practically an after-thought; almost the entire proposal is about using onion routing to reach the open web with privacy.
There exists a type of character in the world that values their privacy greatly. I just happen to be one of those people.
1. Right-Click the file and select 'Copy to other qube'
2. Type the name of the destination Qube
3. Run the other Qube and go to the 'QubesIncoming' folder, then into the folder that the file is
in ('vault' usually)
4. Open a terminal in the same Qube (Global terminal, not a terminal in that specific folder)
5. Run this command:
cd /home/user/QubesIncoming/vault/ && sudo mv user.js /usr/share/tb-profile-i2p/profile.i2p/
6. But doesn't change the settings?!IMO these should be default settings on a fresh install, but with Tor browser trying to appeal to a larger audience I can somewhat understand their reasons to have things setup this way.
My final end-goal is to have everyone blend in and leak as little data as possible.
network.http.sendRefererHeaderWhen it was set to '0', it was letting me access the Dread homepage, but was NOT letting me log in, i was getting the error:
The connection was reset
The document contains no data.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Tor Browser is permitted to access the web.
Might be causing this issue because:
What it does: This setting decides if your browser tells websites where you came from when you click a link.
Why it might cause the issue: If the setting is wrong, the website might not let you log in and could show an error instead.
What each setting does:
The `network.http.sendRefererHeader` setting in Firefox and Tor Browser has three main options: 1. **0**: **Never send the Referer header** - The browser will not send any Referer information to websites. 2. **1**: **Send the Referer header for same-origin requests only** - The browser will send the Referer header only when navigating within the same site (same domain). 3. **2**: **Always send the Referer header** - The browser will send the Referer header for all requests, regardless of whether the sites are the same or different.
I thought about this one plenty. I'm even considering removing it because it might prevent entry into some sites.
This would more likely be the case you are referring to [network.http.referer.hideOnionSource]
Even when we obtain a "New Identity" Tor mandates that "All linkable identifiers and browser state MUST be cleared by this feature."
Many are killed the moment we disable JavaScript.
But I personally never use a refer when visiting a site outside of Dread.
If I were to visit a market, it's New Window.
Also, if you Right-Click on any link in Tor your will see the option "Copy Link without Site Tracking."
a) don't encounter the exit node
27 VPNs, 4 RDPs, 22 foot antenna
No correlation: if I were to visit a market, I would have a whole different circuit and no likability to *this* Tor session.
When I am done with Dread, I simply exit.
you simply cannot link a picture to someone else/[quote]
Sorry you've lost me here what do you mean here
[quote]But the no-header is actually something I use on the clearnet for statistics because it helps so much in finding out where most of your customers are coming from.
I showed someone their clients are coming from Instagram and this one unknown drug site. They were shocked.
Behavioral pattern really comes into play.
javascript.options.baselinejit: This setting controls a performance feature for JavaScript. Setting it to false may slow down JavaScript executionSame with this
javascript.options.baselinejit: This setting controls a performance feature for JavaScript. Setting it to false may slow down JavaScript execution
But out of all the readers, how many do you think will actually be concerned about this?
How many are connecting to Dread with their Smart Phone?
Will more than 5 people here ever read the Tor specifications?
A .onion TLD on the clearnet is a scam site.
DNS Registries/Registrars: Registrars MUST NOT register .onion
names; all such requests MUST be denied.
They can't perfect anything for us because there is still so much to learn: how to find the right vendor, how to use encryption, how to not get scammed. It's like a teacher/classroom/textbook/bootcamp can only do so much. You have to prepare yourself for the risks of the environment you are entering.
Over the years, we have all learned not to trust the slider or NoScript. Hence, why I look at about:config.
Don't worry, because Dread doesn't have any JavaScript you didn't render any JavaScript.
But now you know, a quick 5 second look at about:config
Every major upgrade resets the settings. And NoScript isn't perfect.
Doing it manually, you know it's done right.
Alright, ace, til tomorrow! Good to meet you.
I'm not calling you out or accusing you of anything but it's kinda peculiar that you've gone so long without knowing that javascript was still enabled. For a while now certain onion sites have been throwing up warning pop-ups upon visiting the site telling me and I assume anyone else if js was enabled and to go turn it off if so. I'm not a DW-aholic like some so I don't really visit all the markets or onion sites/services that are up and running at any given time to say which ones had/have the pop-up but I'm usually in one or two of the top 3 markets at least once a week and I've encountered the warning a handful of times until "about:config" was a part of the whole DW process for me.
Again, not accusing you of anything, I just find it odd that you didn't encounter one of those pop-ups at some point because I've been seeing them for a while now. I can't say exactly, due to my goldfish memory (don''t do drugs kids) but I want to say that it's been over a year, maybe closer to two since I first saw one. But either way, I'm glad that you now know how to check to make sure that it's off for sure.
Also, thank you /u/HeadJanitor for the look outs. I don't think people realize how fucked we'd be without Dread and the time and effort that individuals such as yourself put into finding these potential security threats and then passing that information on to us for no charge, glory or similar benefit other than the continued safety of the community and its members. You all are gentlemen (and gentlewomen perhaps) and scholars
Tor is not designed for the darknet user. Which is why JavaScript is enabled, for example. It is designed for individual privacy and, of course, for their browser to be fully functional. Not necessarily for the depths of anonymity we, the micro minority, seek.
