Tor Security Guide : OpSec | Torhoo darknet markets Torhoo!

Issues	Count [1]: Opening and closing tag mismatch! Check the order of your tags because they are wrong!

/u/Inferno

5 points

7 years ago

Other suggestions to add.

Use bridges with tor
Don't Use wickr
Encrypt, Encrypt, AND ENCRYPT
Use PGP keys
Tumble any coins
Don't use Postal (do deaddrops instead etc)
Use MAT (Metadata Anonymisation Toolkit) warning, It not foolproof (does not 100% clean) and its development is currently on hold

PS
Thanks to /u/pirate for the easy BBC guide thingy

/u/CosmicConscious

3 points

7 years ago

/u/MJA20WithA3

yup. run the comman mat on the terminal followed by -d then drag and drop the image to display harmfull metadata.

drop the -d and it will wipe the Metadata.

/u/ilovewaxwaxwax

1 points

6 years ago

Does this alter the file? Or do you save it after wiping the metadata somehow? I know this post is mega old, sorry about that.

/u/pirate

2 points

7 years ago

No problem :P

/u/deathfromabov3626

2 points

7 years ago

I would say using xmr instead of a tumbler is preferred if possible

/u/MJA20WithA3

0 points

7 years ago

XMR is based god

XMR is bae

XMR is jeebuz

/u/Inferno

1 points

7 years ago

/u/MJA20WithA3

I can't say I know much of deaddrops...but what I do know is that it is better then postal.

As for EXIF wiper, to my Knowledge it only does pictures (unless someone here can prove otherwise) which may have geolocation and other metadata.
The MAT tool kit is more diversed...As it supports
Portable Network Graphics (.png)
JPEG (.jpg, .jpeg, …)
TIFF (.tif, tiff, …)
Open Documents (.odt, .odx, .ods, …)
Office OpenXml (.docx, .pptx, .xlsx, …)
Portable Document Fileformat (.pdf)
Tape ARchives (.tar, .tar.bz2, …)
MPEG AUdio (.mp3, .mp2, .mp1, …)
Ogg Vorbis (.ogg, …)
Free Lossless Audio Codec (.flac)
Torrent (.torrent)

you get the point

Problem is that it may not 100% wipe all of the metadata so it is advised to scrub mutliple times with different scrubbers

/u/[deleted]

1 points

7 years ago

Just make sure to use a PNG image.

/u/a100percentAss

1 points

7 years ago

/u/MJA20WithA3 what are deaddrops?

/u/MJA20WithA3

1 points

7 years ago

/u/a100percentAss Vacant/for sale homes you order stuff to.

/u/blacktieintherain

1 points

7 years ago

Does this work often? I remember about 15 years or so ago I tried this. Back when I was getting cards off irc. There was a house in the neighborhood that no one lived in for years. UPS would not deliver to the address. Said the place had been abandoned and I would have to pick up the package. Should you only try this with houses that have for sale signs?

/u/MJA20WithA3

0 points

7 years ago

Not that you should try this on houses with for sale signs, but you *shouldn't* try it on any houses you think could be considered abandoned/considered abandoned by a USPS mail person.

/u/MJA20WithA3

-1 points

7 years ago

Deaddrops are controversial, anyone wanna try to sway me one way further?

*Wait is MAT the TAILS included EXIF wiper?

/u/fluidounces

4 points

7 years ago

NONE of the plugins not supported by the TorProject run the risk of bypassing the Tor Network and accessing the net directly, which runs the risk of leaking your real IP Address

I am confused by this. If I remove the double negatives from your statement it says, "the plugins supported by the TorProject run the risk of bypassing the Tor Network..." You mean the plugins that come with the Tor Browser have the capacity to bypass Tor and connect to the clearnet?

Or by "NONE of the plugins" you meant "all"?

/u/DNricksanchez

2 points

7 years ago

Great guide for the newbies, Thanks!!!!!!!!!!

/u/9eyes

2 points

6 years ago

If anyone's ever wondered why privacy is so important, just research the Social Credit System that's being developed by the Chinese government.

/u/Katyuska

1 points

7 years ago

is there a safe translater addon in tails? what do people use to translate while using tails?

/u/wktkf123

2 points

7 years ago

Google Translate?

/u/Katyuska

1 points

7 years ago

Are you talking about the addon or the website?

/u/wktkf123

1 points

7 years ago

Website.

/u/Katyuska

1 points

7 years ago

i can never get it to work without turning on scripts.

/u/[deleted]

1 points

5 years ago

In case someone will still read this guide:
translate.google.com/m is the mobile and no-script version of google translator

/u/p0lly

1 points

7 years ago*

A great free and open-source alternative to CCleaner is BleachBit.

https://torhoo.cc/go.php?u=YUhSMGNITTZMeTkzZDNjdVlteGxZV05vWW1sMExtOXlaeTg9#

/u/boobers

2 points

7 years ago

Can confirm. Bleach's cloth-or-something is worth a buy if you need to wipe servers for your VIP (VERY VIP) client.
https://torhoo.cc/go.php?u=YUhSMGNITTZMeTkzZDNjdVlteGxZV05vWW1sMExtOXlaeTg9#cloth-or-something

/u/AnonG33kBBKF

1 points

6 years ago

Lol. True story!

/u/[deleted]

1 points

7 years ago

Spoof your MAC address.

/u/sprainedearlobe

1 points

6 years ago

Good article. Thank you.

Under the "how to avoid cookie tracking" section, last sentence; can someone please tell me what this sentence means? What are some examples of virtual machines and is the Live OS you are talking about Tails? So are you saying not to use Tor with our own computers? Thanks.

"you should use Tor on a virtual machine with the live OS so that cookies and cache and other OS data are dumped when the machine is closed."

/u/HugeDildo666

1 points

6 years ago

Always use a OBFS4 Bridge in a non 14 eyes country so your ISP (wehter ur home/starbucks/vpn isp) will see obfuscated traffic instead of 'tor' traffic.

/u/citizenkane

1 points

6 years ago

Can someone explain how to use bridges with tor? Or is there any guide out there where I could learn about it? thanks

/u/BonesKoopa

1 points

6 years ago

Nice,
I would also add this to the equation for those that rock metallic hats;
toolkit.telemetry.previousBuildID double click Set it to: 0
media.autoplay.enabled double click Set it to: false
media.encoder.webm.enabled double click Set it to: false
media.fragmented-mp4.enabled double click Set it to: false
media.ogg.enabled double click Set it to: false
media.gstreamer.enabled double click Set it to: false
media.opus.enabled double click Set it to: false
media.wave.enabled double click Set it to: false
media.webm.enabled double click Set it to: false
media.webvtt.enabled double click Set it to: false
network.proxy.socks_remote_dns. double click Set it to: true.
browser.cache.memory.enable double click Set it to: false
browser.cache.disk.capacity double click Set it to: 0
browser.cache.disk.enable double click Set it to: false
browser.cache.disk.max_entry_size double click Set it to: 0
browser.cache.disk.smart_size.enabled double click Set it to: false
browser.cache.disk.smart_size.first_run double click Set it to: false
browser.cache.offline.capacity double click Set it to: 0
browser.cache.offline.enable double click Set it to: false
noscript.forbidImpliesUntrust double click Set it to: true
noscript.global double click Set it to: true
privacy.clearOnShutdown.offlineApps double click Set it to: true
privacy.clearOnShutdown.passwords double click Set it to: true
extensions.torbutton.redir_url.1;0 double click Set it to: 0
extensions.torbutton.redir_url.2;0 double click Set it to: 0
extensions.torbutton.redir_url.3;0 double click Set it to: 0
extensions.torbutton.redir_url.4;0 double click Set it to: 0
extensions.torbutton.redir_url.5;0 double click Set it to: 0
gecko.buildID double click Set it to: 0
privacy.clearOnShutdown.siteSettings double click Set it to: true

/u/euforie

1 points

6 years ago

That last paragraph on cookies is INCREDIBLY useful. Thanks for posting