News Feed
  • DrugHub has agreed to fully refund all users who lost money in the SuperMarket exit scam.  
  • Retro Market has gone offline. Circumstances of the closure unknown.  
  • SuperMarket has closed following an exit scam by one of the admins.  
  • The admin of Incognito Market, Pharoah, has been arrested by the FBI several months after exit scamming.  
  • Silk RoadTorhoo mini logo
  • darknet markets list
  • Popular P2P exchange LocalMonero has announced it is closing.  

Telegram alternatives or just use telegram with tight opsec. : OpSec | Torhoo darknet markets

Right I do use most of the suggested messengers like XMPP Session Simplex, Signal and Matrix but for whatever reason the whole world still uses telegram, i hate it im not sure why there hasn't been a switch where people start migrating to other apps i thought this would be the case but no.

So do i just make a telegram and use all the tools to make it not linked to me or keep waiting, like i said i enjoy and would use the other apps however telegram seems more than a messenger as you have channels groups and the people on there and the population of all vendors still there so hard to shift to another platform.

edit: i know its comprimised by feds etc but all the activity takes place there was wondering if anyone can see it changing anytime soon.
/u/Beelzebub ƤŘƗŇĆ€ Ø₣ ŁƗ€Ş
1 points
3 months ago
From our Wiki.

⚙ (Real Example) Note to end-users: Should you use Telegram software? Telegram will know that you are using (1) Virtual Box (2) the Operating System (3) the Desktop Environment, (if Linux, your GNU glibc release/version and so much more). Virtual Box will not hide you.
/u/nihilist1 Professionals Have Standards
3 points
3 months ago
use simplex instead. FOSS (unlike telegram), doesnt require a phone number (unlike signal aswell), and even has disappearing messages.
it's suitable for public use, private use, anonymous use, and sensitive use too.
http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonsimplex/index.html
/u/rmrf P
1 points
3 months ago
No. Do not use fucking simplex.

https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#simplex-messaging-protocol-server

There is nothing close to anonymous about it. And the server itself can straight up lie to a client without much detection.

"""
SimpleX Messaging Protocol server

can:

learn when a queue recipient is online

know how many messages are sent via the queue (although some may be noise or not content messages).

learn which messages would trigger notifications even if a user does not use push notifications.

perform the correlation of the queue used to receive messages (matching multiple queues to a single user) via either a re-used transport connection, user's IP Address, or connection timing regularities.

learn a recipient's IP address, track them through other IP addresses they use to access the same queue, and infer information (e.g. employer) based on the IP addresses, as long as Tor is not used.

drop all future messages inserted into a queue, detectable only over other, redundant queues.

lie about the state of a queue to the recipient and/or to the sender (e.g. suspended or deleted when it is not).

spam a user with invalid messages.
"""
/u/nihilist1 Professionals Have Standards
2 points
3 months ago*
read the tutorial i linked to btw.

> There is nothing close to anonymous about it. And the server itself can straight up lie to a client without much detection.
> user's IP Address, IP addresses, other IP addresses

clientside just enable socks5 proxying in the simplex client to make all connections go through tor,
serverside follow the tutorial we wrote, you'd see that we also recommend to host your own .onion-only simplex SMP / XFTP servers.

good luck deanonymizing yourself using my onion-only simplex servers.

This whole whining regarding how people manage their simplex servers is solved like this: run your own simplex servers, and you're good.

You're not isolated if you're the only one using your own simplex servers, they communicate with each other thanks to their private routing protocol
/u/rmrf P
1 points
3 months ago
Tutorials fine I guess, not much more it adds to your argument as it stands. Only question I had was if SimpleX being onion-only for your case, you can only then communicate with people who are also tor-only at that point correct?

I know this community disagrees with me, but telling people to just run their own servers and they are good to go is bad advice. 95%+ will barely be able to follow the simple instructions you put on your blog, and the 5% who do follow it are unlikely to actually manage, secure, and monitor there server past the initial configuration. Now in response, it is fair to say that messages are at least E2E so what can actually be done if that server is compromised we could speculate endlessly but more than likely no too much.

So I will backstep my response a little bit when I say there is nothing close to anonymous about it. You are right that if someone does go through the effort of configuring an onion-only server, ensures they are using Tor to connect (iptables rules might be of value to ensure there are no leaks), then it would be difficult for some baddies to do much to deanonymize you.

The metadata could still be a problem depending on storage if someone was able to control your server, as it does store a lot about online time, and message metadata (even if not the message contents) but this applies to XMPP as well, and most on this least; Except possible signal and session but that I am unsure of.
/u/nihilist1 Professionals Have Standards
1 points
3 months ago*
>Tutorials fine I guess, not much more it adds to your argument as it stands. Only question I had was if SimpleX being onion-only for your case, you can only then communicate with people who are also tor-only at that point correct?

thanks to the private routing you can use your onion-only servers to communicate with people that don't have tor connectivity.
The connection looks like that: (Alice -> Tor -> your onion only smp server -> Tor -> their smp server -> direct clearnet connection -> Bob)
It's really convenient when you think about it. not possible on the other traditional server architectures.

>95%+ will barely be able to follow the simple instructions you put on your blog, and the 5% who do follow it are unlikely to actually manage, secure, and monitor there server past the initial configuration.
i'm not going to sugarcoat that something is simpler than it should be, we stick true to our quality standard and explain everything in clear detail, from start to finish. In fact, we're making it as easy as possible for them.

>Now in response, it is fair to say that messages are at least E2E so what can actually be done if that server is compromised we could speculate endlessly but more than likely no too much.
due to the private routing and the dual uni-directional traffic flows you have to realize that the adversary has to compromise 2 servers at least. But the e2ee is still intact even if you compromise either simplex server. So imo it doesn't matter. You'd have to literally spy on what the user is typing before it gets encrypted by simplex. But if they followed our basic tutorials privacy section that's already taken care of. (no closed-source software left behind, maintaining privacy)

>(iptables rules might be of value to ensure there are no leaks),
no need just make the app connect through Tor alone (socks5 proxying settings + requiring .onion hostnames on the clientside) and it won't try to connect via the clearnet. You can also run simplex from a whonix VM if you're afraid of the leaks http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/whonixqemuvms/index.html

> The metadata could still be a problem depending on storage if someone was able to control your server,
Simplex goes deep in obscuring as much metadata as possible actually. i'm not knowledgeable on the details of that specifically. However the basic fact that you have no user IDs definitely is a major trait of metadata minimization. https://simplex.chat/docs/simplex.html

sidenote: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/chats/index.html in this tutorial i released just now, we go over how simplex meets all opsec requirements
/u/rubes
1 points
3 months ago
what would you recommend then and why?
/u/rmrf P
2 points
3 months ago
I do not recommend Telegram. Feds are all over it.

Matrix is okay for censorship resistance and encryption but there it collects a ridiculous amount of metadata. Doesn't do much if anything for "anonymity".

XMPP with OTR is great for encrypted communication. That's about it. Almost all the clients are C/C++ based (libpurple previously being a massive source of vulns). If someone was to use OTR which is great, setup your own .onion based XMPP server and only communicate with your partners on said .onion xmpp server.

Signal is obviously linked directly with a phone number which isn't a huge issue since you can just use SMS registration services then set a pin and do a registration lock. Set a username. There you go. Obviously doesn't do much for the anonymity of connecting to signal servers.

Session is probably the better option of Signal, as its based on the source code of Signal while implementing it's own onion routing network. It also allows for registration without a phone, email, anything. There was some research that supposedly session was using weak configurations but it seems it has been debunked::
getsession|.|org/a-response-to-recent-claims-about-sessions-security-architecture

Tox is a thing I guess to but with it mostly being used by ransomware groups I have a feeling numerous agencies have stockpiled zerodays to rape any tox account, like XMPP most clients are in C/C++ which are more inclined to vulnerabilities.

So the bad: Simplex, Telegram
The Good-Okay: XMPP, Session, Signal
IDK: Tox

I would only suggest XMPP with the use of Tor-based xmpp services. Session is the easiest to get setup and has some semblence of a onion network that you can add on top of your other anonymity network stuff. Signal is probably fine but you also want to use VPN/Tor/Something that will had your IP even if Session themselves doesn't provide this to LE.
/u/nihilist1 Professionals Have Standards
2 points
3 months ago*
>XMPP, Session, Signal

XMPP is the closest to simplex, you just still rely on usernames in it, but it's still suitable for private/anonymous/sensitive use
Session : they weakened their cryptograhy and gave no official reason for it. huge red flag, therefore not suitable for private use
Signal: requires a phone number to sign up. therefore not suitable for anonymous use.
Matrix: having moved my entire community from there to simplex, it's just a mess. But it can be used anonymously still. the clearnet requirement is a huge hassle i was happy to get rid of, thanks to simplex you can just keep it onion-only and don't even bother with the clearnet at all. But matrix has a TON of other problems, as covered in commando's excellent post: http://yw7nc56v4nsudvwewhmhhwltxpncedfuc43qbubj4nmwhdhwtiu4o6yd.onion/t/why-we-abandoned-matrix-the-dark-truth-about-user-security-and-safety/224

and yes telegram is to be left in the garbage bin. Closed source software is de-facto unsuitable for private use.
/u/rmrf P
3 points
3 months ago*
Edit: Trying to fix formatting since subtitle and title shit all over my post.

So I spent a little bit and examined all these again and I'll give my updated view on everything.

Okay-Good Tier

Signal
I disagree that the basic idea of it needing a phone number is what makes it terrible. It's been proven time and time again to collect almost nothing on it's own users, and even US government peoples are planning their drone strikes on brown people through signal groups. Talk about a vouch!

The problem could be that Signal servers are centralized, so even if your content is safe there may be a bigger baddie (NSA/Unit2800) who is monitoring so much traffic they can possible deanonymize you.

As discussed if you register with a burner sms service, lock your registration with a pin, even if your account is compromised no messages get forwarded on.

XMPP

XMPP is old as fuck, which in some ways makes it great because the best test is the test of time. By default I would be cautious as I can only assume most the XMPP servers that are public are ran by the law or helping the law. If you setup your own XMPP server, especially if tor-based, use OMEMO (not OTR), and a slim client like profanity.

The big problem with XMPP is I don't trust most the clients to not be built like shit. Libpurple was/is a cancer. There was a great project called CoyIM that was made in Golang and had built in tor support but for some reason is just abandoned...

SimpleX

I'll change my view in that SimpleX is okay. . I am not comfortable with the idea that they are UK based company (https://simplex.chat/transparency/) because of all the recent attempts to backdoor things by the UK government (see: Apple iCloud). They have undergone two audits at least so in theory the application should be to some level safe and can be audited for anything suspicious.

I think similar to XMPP as you mentioned, if you run a tor-only SimpleX server, and only route through that, you are probably in a much better place. The servers could technically do nefarious things and collect some interesting metadata but an XMPP server can mostly do the same. The client built in haskell is something I'm not sure if it is a good or bad but I want to believe it can't be any worse than a decade old C/C++ client.

So in my original response I was looking at it through the default lense. If you put some effort into your opsec then it can very much be secure but their default network layout is not great imo. It puts a lot of trust in SimpleX themselves who don't have a track record yet of holding up to government scrutiny in any capacity. I am also not sure from the documentation if you become a server that they do not like, do they have the ability to remove you from communicating from others on the network? I have to look more at the protocol documentation.

Shit Tier

Telegram

Still garbage, don't use. Founder was arrested in France, law enforcement has now been getting a bunch of information not previously disclosed. Requires phone number and you can't even register from a phone like GrapheneOS, you must be using stock android to register. Encryption is pretty much useless unless its a secret chat to my knowledge.

Matrix

Same view. Too much metadata, nothing from a network ability that allows for anonymity. My personal experience is that it works terribly with Tor.

Needs Further Research

Session

I want to look into this more before I commit it to shit tier. Anyone interested can look more here:

https://getsession.org/session-protocol-technical-information

https://getsession.org/a-response-to-recent-claims-about-sessions-security-architecture

Initially some of their claims as to why they do things the way they do make sense, but the removing of PFS is not one I'm fully understanding. It's because their own protocol apparently does not work well with it, which wouldn't surprise me as their protocol is kind of a dumpster. I have to re-read the technicals again as my head started to hurt the more I read it.

The base idea of session is great, no email or phone, built-in onion routing (not tor though), and built on a codebase (signal) that is very well tested. Using it with Tor is painful and slow because you are not using an onion network on an onion network.

Tox

Someone else might have better opiion than me. Decentralized and Encrypted I think? Other user has to be online to my knowledge to message so might be less convienant. Does not have any privacy/anonymity network wise except for the decentralization of the network?
/u/nihilist1 Professionals Have Standards
2 points
3 months ago
> I am not comfortable with the idea that they are UK based company (https://simplex.chat/transparency/) because of all the recent attempts to backdoor things by the UK government (see: Apple iCloud)

Understandable, but it's a FOSS project contrary to apple products. If they were to remove E2EE, the foss community would go into huge turmoil, and fork the project immediately to remove the bad commits, compile the thing themselves and most likely keep using it.

Not that i expect them to go south, but if they were to go south, the doomsday scenario is baked into the FOSS model.
/u/3xtr4tr1f0rce Equo Ne Credite ❌🐎❌
1 points
2 months ago
I have never seen https://briarproject.org/ mentioned anywhere (in a pro/con way), and I am extremely curious as to how it ventures vs session, signal, simplex, because the marketing is:
https://briarproject.org/how-it-works/
Censorship-resistant peer-to-peer messaging that bypasses centralized servers. Connect via Bluetooth, Wi-Fi or Tor, with privacy built-in.
Designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn’t rely on a central server – messages are synchronized directly between the users’ devices.


The thing I can say since I have been testing several chat apps is, session you can route through orbot (not sure on usefulness since it already routes through the Onion network), Briar you cant.

I assume that is because session is routed through onion network and not tor network like briar?

Also, what is the difference between Onion and Tor routing? I found this: https://thisvsthat.io/onion-routing-vs-tor on the comparison between Onion Routing and Tor, the protocol mentions that Tor uses Onion Routing??? So Tor by definition uses Onion Routing? What?? Confused by this...
/u/rmrf P
1 points
2 months ago
I have never used Briar so I can only provide what I see on the website. I don't know if you need to use Orbot since it seems like Briar has built-in Tor availability? The difference being that messages are stored between devices, so if we message back and forth messages are stored between us .. that's it. There is no central server to connect to that updates your message, only when the devices communicating to one another can be reached? This is also why it has "mailbox" which seems like storage for messsages until your contact comes back online. This seems more like an application to use if your government turns the internet off .. I don't know if I would recommend it for darkweb activity.

I am trying to keep this simple because it can be very confusing when explaining everything. Onion routing is simply multiple layers of encryption and multiple hops if we are putting it at its simple level. Session uses "Lokinet" which is like Tor at minimal level but they each have different things in place to protect them.

Lokinet is on Layer 3, while Tor is Layer 7. Since a variety of traffic can pass through Lokinet much easier, Tor will work with it like this : You <> Tor (3 hops) <> Lokinet <> End

Does that clear enough up or do I need to explain more?
/u/3xtr4tr1f0rce Equo Ne Credite ❌🐎❌
1 points
2 months ago
Yes, to be received, both users have to be online, to send it is not needed, it just gets queued to send. It also supports message disappearing.

So routing through orbot wraps your loki connection first through the tor network, once 'out' of the tor hops it then goes through the loki network and on the way back it does the same in reverse, right?

Obviously I would enjoy reading in depth about this shit if you dont mind the time investment.
/u/rmrf P
1 points
2 months ago
So just from thinking about it this is similar to how it would work in most other cases of routing Tor to use non-tor stuff.

The Loki connection will be wrapped in the Tor network until the final hop, just as it would be regular clearweb traffic. The encryption provided by Tor at this point will no longer be useful as you are now communicating to a seperate network but you will still have your last IP as a Tor IP. With Session (Loki) your traffic since it is Onion (multiple layers of encryption) should still be encrypted across the Loki network (and the jump outside of tor network). Then once the traffic routes its way back to you it should do the same in reverse, Lokinet >>> Tor >>> You.
/u/Grindah 📢
1 points
3 months ago
Simplex i read is very secure, reading your write up sounds interesting are you able to deanonymise people who use simplex then?

Do you need to be the own who has the server to perform this or, sorry for asking if you already made clear but im interested to learn more.
/u/BlackCell P
1 points
3 months ago
Don't use Telegram.

/post/c69254b93a010d18e734
/u/natethedrake
1 points
3 months ago
Telegram was compromised by the feds a long time ago. Don't use it.
/u/anonguytodaylol
1 points
3 months ago
If you’re not a complete retard and use basic opsec measures you can use TG just fine, all these paranoid crack smoking neckbeards in here blasting it.
/u/noturningback
1 points
3 months ago
100%, simple drug users aggrandizing their addictions to make their life seem more meaningful.

THE FEDS ARE OUT TO GET ME!
/u/Beelzebub ƤŘƗŇĆ€ Ø₣ ŁƗ€Ş
1 points
3 months ago
I smoke meth and I'm a long haired hippy. I don't have a beard of any kind. I wouldn't use TG.

None of the other /d/OpSec mods would either. They can confirm their beard situation.

The main reason people choose to use TG is that they're too retarded to get anything else to work.
/u/anonguytodaylol
1 points
3 months ago
I’m just saying, if you’re retarded no level op OpSec in existence will save your dumb ass. Even when using TG you can somewhat mitigate risks by using the most general of OpSec measures , I never said there weren’t better options out there - but for some rackets TG is simply mandatory wether you like it or not.
/u/flossie
1 points
3 months ago
Signal
/u/Grindah 📢
1 points
3 months ago
i see people use this as a link to post their new telegram channels, i dont see why its not replaced it as a whole, i think its the not being able to remove people from groups perhaps.
/u/asfaleia ⚔️ασφάλεια⚔️
1 points
3 months ago
There is nothing like tight operating the leaking can of worms.
  • Sponsors
VigorSwap Instant Crypto Exchange
FraudGPT

  • Explore Torhoo!

© Torhoo! 2025

All links are for educational and research purposes only. Torhoo! does not vouch for any site.

Advertise on Torhoo