RDP/VM on mac : OpSec | Torhoo darknet markets

Why does nobody talk about doing any of this stuff on a MacBook, and why does everyone always talk about RDP on Windows? Are there security caveats when it comes to MacBooks vs Windows? Some help would be appreciated.
/u/echelon
1 points
3 months ago
Excellent post, and very well explained.
/u/MunchosMojitos
1 points
3 months ago
What about snowflake?
/u/yelloweyes
1 points
3 months ago
Second. If obfs4 doesn't work, how DO I hide Tor from my ISP? Whonix doesn't support webtunnel.
Do you actually mean to hide or to circumvent? The topic specifically explains the difference between hiding Tor usage and network circumvention. It is important to understand this before expanding on the question.

In short, a correctly configured VPN will hide Tor usage, but depending on your threat model connecting to a VPN before Tor might not be the smartest idea, as logs are retained by your VPN provider.

Take a look at my comment /post/8714394170635447819a/#c-5c9547de6c55a598c6; it might give you a bit more insight on the what and when about connecting in general.
/u/yelloweyes
1 points
3 months ago
I'll give you an example: the Harvard kid that called in a bomb threat over Tor. The feds caught him because he was the only Tor connection on campus. How could he have stayed safe? Many people have said he fucked up and should've used bridges, but that wouldn't work?
Using a non-university connection is a start. I don't know the full information on the case.

But given there is a possibility it was done to avoid some test, it isn't out of the question to look through university network logs first. If 3-letter agencies were brought in on it and they see the exit IP is in the US, then if the middle hop is anywhere else in the world it won't matter if the first hop is US again. By connecting the user to the US hop and the US hop to the second hop IP, LE can see the connection to the second hop and from the second hop to the final exit hop (US again). I don't know if that's the case, but I'm saying in such a scenario tracking wouldn't require many resources, as all of the data would be available.

Using bridges or not doesn't hide Tor usage; that is what my post is about. Logs can be analyzed post-connection, and many systems do so as they can't handle the amount of traffic in real time. Connecting with IAT mode 1 or 2 can circumvent more network filters than without it, but it doesn't guarantee the Tor connection won't ever be detected. To not have it detected, a well-configured VPN can do that, but connecting to a VPN isn't best practice under most threat models. Hiding Tor usage or any other protocol is a very hard problem to solve in a correct and permanent way.
What specifically about it can you expand on in your question? Snowflake doesn't work in China, which at least means it is detected.
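The reply above makes a defender-side point: Tor usage shows up in network logs after the fact, and an investigator only needs to match flow records against a list of known relay and public bridge addresses and narrow them to a time window. The script below is an added illustration of that retrospective triage, not code from the thread or from any poster. The "known Tor" address set and the flow records are constructed (RFC 5737 documentation addresses); a real deployment would load the current Tor consensus or a vendor Tor-IP feed and genuine NetFlow or firewall exports.

```python
"""
Retrospective flow-log triage: which internal hosts connected to known Tor
relays or public bridges around the time of an incident?

Constructed example for illustration. The relay/bridge list and the flow
records below are made up; nothing here is taken from a real network.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, NamedTuple, Set


class Flow(NamedTuple):
    ts: datetime
    src: str
    dst: str
    dport: int
    bytes_out: int


# Constructed set of "known Tor" destinations. A built-in default bridge is
# as public as a guard relay, so it lands in a list like this just the same,
# which is why default bridges do not hide Tor usage.
KNOWN_TOR_IPS: Set[str] = {
    "203.0.113.7",    # hypothetical guard relay
    "198.51.100.42",  # hypothetical public obfs4 bridge
}

# Constructed firewall/NetFlow export, one key=value record per line.
SAMPLE_FLOWS = """\
2024-05-01T13:58:10Z src=10.20.4.15 dst=192.0.2.80 dport=443 bytes=8120
2024-05-01T14:01:02Z src=10.20.4.15 dst=203.0.113.7 dport=9001 bytes=51230
2024-05-01T14:01:40Z src=10.20.7.9 dst=198.51.100.42 dport=443 bytes=44020
2024-05-01T14:02:11Z src=10.20.4.15 dst=203.0.113.7 dport=9001 bytes=60311
2024-05-01T16:30:00Z src=10.20.9.1 dst=203.0.113.7 dport=9001 bytes=1200
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_ts(raw: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp with a trailing Z."""
    return datetime.strptime(raw, TS_FORMAT).replace(tzinfo=timezone.utc)


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record into a Flow tuple."""
    ts_raw, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return Flow(parse_ts(ts_raw), fields["src"], fields["dst"],
                int(fields["dport"]), int(fields["bytes"]))


def tor_flows(lines: Iterable[str], tor_ips: Set[str]) -> List[Flow]:
    """Keep only flows whose destination is a known Tor relay/bridge IP."""
    parsed = (parse_flow(line) for line in lines if line.strip())
    return [f for f in parsed if f.dst in tor_ips]


def hosts_near_event(flows: Iterable[Flow], event_time: datetime,
                     window: timedelta) -> Dict[str, int]:
    """Internal hosts with Tor-bound flows within +/- window of event_time,
    mapped to how many such flows each had. This is the post-hoc log
    correlation the thread describes."""
    counts: Dict[str, int] = {}
    for f in flows:
        if abs(f.ts - event_time) <= window:
            counts[f.src] = counts.get(f.src, 0) + 1
    return counts


def triage(log_text: str, tor_ips: Set[str], event_iso: str,
           window_minutes: int = 15) -> Dict[str, int]:
    """Full pipeline: parse the export, filter to Tor destinations, and
    return the hosts active around the incident time."""
    flows = tor_flows(log_text.splitlines(), tor_ips)
    return hosts_near_event(flows, parse_ts(event_iso),
                            timedelta(minutes=window_minutes))


if __name__ == "__main__":
    # Incident at 14:00 UTC; the host at 16:30 falls outside the window.
    for host, n in sorted(triage(SAMPLE_FLOWS, KNOWN_TOR_IPS,
                                 "2024-05-01T14:00:00Z").items()):
        print(f"{host}: {n} Tor-bound flow(s) near the event")
```

The address-list match is exactly what catches direct guard connections and the built-in default bridges. A private bridge on a fresh IP is not in any such list, which is why the thread moves on to DPI probing and longer-term post-analysis as the remaining detection paths.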
/u/MunchosMojitos
1 points
3 months ago
I'm interested to know more about its stealth compared to regular traffic, and the anonymity of Snowflake proxies (can the full list of Snowflake proxy IPs get known/blocked?)
I've seen your comment now. If you read the topic, Tor usage with an OBFS4 bridge included is effectively impossible to hide (!= network filter circumvention).

All types of proxies can get known and blocked. The GFW is a great example of how it can be achieved with a whitelist policy and both active and passive monitoring.
/u/street57249
1 points
2 months ago
/u/Yugong in which cases is it recommended to use a VPN together with a custom OBFS4 bridge?
Complex question to give a simple answer to. Every situation and threat model is different. Before you do any connection chaining I recommend reading up on each individual technology you plan to use and how the interactions between them will affect your security, privacy and anonymity.

To best gauge your own situation I'd start first with thinking about whether you need a bridge to begin with: /post/8714394170635447819a/#c-5c9547de6c55a598c6

Since the topic we're on already discusses the OBFS4 protocol, you would now understand that, in essence, Tor usage is impossible to hide with current software (!= network circumvention). If you really wanted to hide it from the local ISP, combining a custom OBFS4 bridge and encapsulating it all in a VPN tunnel would be a decent choice.

If we take examples like China, Turkmenistan or Iran, you'll need more than a standard VPN to bypass network filters. The other side of the coin is that in China some VPN providers are allowed to exist even though they are detected. Would your connection to an OBFS4 bridge be undetected then? Hard to say; the answer is very provider- and server-configuration-dependent. Your threat model makes all the difference: vs local/state adversaries it would work well, but vs global adversaries it would be another game.

Other considerations are due, like who controls the bridge and who controls the VPN server. Are both correctly configured? If they aren't, there's a cascade of issues you can run into, starting with successful DPI probing.

Having said all of that, and assuming your threat model is on a more local level, as most users' would be: in a situation where your ISP and country are more hostile to, say, Tor but don't block it as harshly as the countries I mentioned, it can be beneficial to have a properly configured VPN tunnel and run a custom OBFS4 bridge connection inside it. That way you harvest the properties of the VPN and you can add additional protection like tls-crypt/stunnel/OBFS4. The scenario is built on assumptions; don't take it for granted as opsec or direct advice. Create your own threat model unique to your own situation.
/u/street57249
1 points
2 months ago*
Thanks for providing such a comprehensive answer. This really helps.

I read everything again; is my conclusion right that OBFS4 at least doesn't hide well the fact that you connect to the Tor network from local/state adversaries, which is anyway not the purpose? The purpose is circumvention. Please correct me if wrong.

Out of interest: how do people get bridges in countries where https://bridges.torproject.org is blocked? I assume you should obtain them first before moving to restrictive countries.

And you should always choose custom bridges and never the default ones, right?

The purpose is circumvention. Please correct me if wrong.

Correct. Per this specific topic, with IAT mode 2 you can bypass filters in China for several weeks, for example, but it doesn't guarantee it won't be detected later (post-analysis) and classified as such. Better than nothing in countries hostile to Tor.

How do people get bridges in countries where https://bridges.torproject.org is blocked?

Tor provides several distribution mechanisms; my script /post/cc9b9601a520cba5fdb4 leverages the MOAT distributor, the same way as if you were running standalone TBB (you'll find more information about it in my linked script post). Other methods would be to email them or go through Telegram. My script in effect does the same job as if you were a normal user in a restricted country. If you can't reach the endpoints in the script, give it to a friend you (really) trust through whichever communication mechanism and get the results.
/u/street57249
1 points
2 months ago
Thanks a lot /u/Yugong

Are there any use cases or recommendations for when someone should use the built-in default bridges? As far as I know they are already known and identified by governments.

Are there any use cases or recommendations for when someone should use the built-in default bridges? As far as I know they are already known and identified by governments.

Blend in with everyone else, or no other way to get Tor online. Can't think of any other on the spot.

Pretty much all public bridges, regardless of which protocol, are identified. A case in point is China: with IAT mode 2 and a private OBFS4 bridge it still takes them a couple of weeks, but eventually they blacklist those IPs too. Obviously it doesn't mean they've detected it, as they go for a whitelist-first approach, but as described in the linked Whonix documentation pages too, it's virtually impossible to hide Tor usage.
/u/street57249
1 points
2 months ago
Thanks a lot!