Tor And The Dark Art Of Anonymity E-Book

Table of Contents 

Preface

Is Tor Safe in 2022?

         Tor Risks

         Exit Nodes

         Intelligence Agencies

        Quantum and FoxAcid System

Tor Step-by-Step Guide

    Tor Installation

    What Tor Cannot Do

    Tor Apps & Anti-Fingerprinting Tools

      Orbot

      Invisibox

      Text Secure

      Red Phone

      Google and Tor

      Captchas

      SpiderOak

Tails

    Tails Limitations

    Chrome

    Flash Control

    User Agent Switcher

    CanvasBlocker

    Deadly Firefox Options

Whonix & Tor

    Torbirdy

    Macchanger

    Whonix Bridges

Tor and VPNs

    Pay for a VPN Anonymously

    Pay for a VPN Using a Credit Card

    Tor Friendly VPNs

    Using Bitcoins to Signup Anonymously to a VPN

    Bitcoin Mixers

    Bitcoin Wallets

        Desktop

        Mobile

    Multibit

        Multibit Windows      

        Multibit Linux

    Paying for a VPN to Use with Tor

Using Your Real Name Outside of Tor

    The Desert of the Real

    Cyberbullies and Anonymity

    Email Anonymity

    TorGuard

    Guerrilla Mail

    PGP

    Mymail-Crypt

    AxCrypt

    Torchat

    ChatSecure

    Telegram

    CryptoCat

    Freenet

    Frost & Fuqid

Passwords & Tor

    Changing Passwords

    Storing Passwords in Tor Browser

    Diceware

    Preventing Non-Tor Activity From Being Linked with Tor Activity

Keyloggers

    Vampire Signs

    Software Keyloggers

    Hardware Keyloggers

    For The Children

    Keylogger Prevention

    Anti-Keyloggers

Darknet Markets

    Fraud Prevention

    When It Is Okay to FE (Finalize Early)

    When It Is NOT Okay

    MultiSigna

    Is It Safe? Is It Secret?

    The Long Arm of the Law

    How Most Get Caught

    Darkcoin

    Darkcoins for Business

    Transaction Processors

    Darknet OPSEC

How to Setup a Hidden Service on Tor

    Configuration

    Shallot and Scallion

    On Running a Hidden Tor Server (and other Opsec Magic Sauce)

    Tor and Your PC

    NSA Slides

    Situation Awareness

    Darknet Personas

    Tor Hidden Services - High Risk, High Reward

The Death of Anonymity

Conclusion

Preface

You want what you want.

Invisibility. Anonymity. Ghost protocol.

You've taken the red pill and have seen the truth, and you don't like it. I don't blame you. I didn't like it either. But what I thought I knew about Tor and other incognito tools was only a drop in the ocean next to what's really out there. Stuff you don't find on many tech forums. They're whispered in private, of course, but it's all invisible to you. Until now.

Which brings us to you and I, or rather what I can do for you. It's amazing what a guy can learn in a decade when he rolls his sleeves up and gets his hands dirty. Private hacker forums. Usenet. Freenet. I scoured them all for years and what I've learned isn't anywhere else on Amazon.

Equally amazing is what you can learn for a few dollars in a weekend's worth of reading. That's me, and soon to be you. Where you will be by Monday is where I am now, only without the years of mistakes. Mistakes I made using Freenet, Tails, PGP. You name it, I did it. And boy did I make BIG ONES. Those are mistakes you'll avoid because, after you've read this guide, you'll know more than 85% of the Tor users out there, and know more about anonymity than most Federal agents. Even the so-called superhackers at the NSA who only get by with a minimum amount of work every day, mostly involving eradicating your right to privacy.

To that, if you don't come away satisfied, return it for a full refund.

But I know you won't. Because once you've taken the red pill, there ain't no going back. You can't unlearn what you've learned, unsee what you've seen, and you'll want more. Much, much more.

First off, we're not sticking with the basics here. If all you want is Tor for Dummies, look elsewhere. Where we're going is dangerous territory. It's shark territory when you get right down to it. But don't worry. We've got shark repellant and everything you need to surf safe. You'll reap benefits you've only dreamed of and by the time we're done, you'll have gained NSA-level anonymity skills with a counter-surveillance mindset that rivals anything Anonymous or those goons at the NSA can come up with. They won't have a clue as to how to find you.

Secondly, for a few dollars, you'll know every exploit those superhackers like to wield against Tor users and more: How to avoid NSA tracking. Bitcoin anonymity (that is, real Bitcoin anonymity), Opsec advice, Darknet markets and Darkcoins and, well... frankly it's a very long list, and by the time you're done you'll be a Darknet artist when it comes to marketplaces and buying things cloak and dagger style.

Third, we'll go over many techniques used by the CIA and FBI to entrap users. False confessions. Clickbait. Tor honeypots. It's all the same when you get right down to it. You'll learn the same techniques used to catch terrorists, hackers and rogue members of the hacker group Anonymous and couriers for Reloaded. Baits and lures and how to spot an LEA agent from a mile away. I break it all down into simple steps that you can understand. A few dollars for this info will save you a LIFETIME of grief. And no, you won't find it on Reddit or Ars Technica or Wired. If you're mulling this over, don't. You need this now. Not when you're framed for something you didn't do.

Fourth... reading the dangerous material herein requires you take ACTION. The Feds take action. Identity thieves take action. Hackers take action. Will you? You have to take action if you want results. What you're glossing over right now is no mere guide. It's a mindset. It's professional level stuff meant to keep you and your family safe for a decade out, going far beyond apps and proxies and it's all yours if you do two simple things: Read, then act. Simple. Because you know what they say: Knowledge is power.

No, strike that. Knowledge is potential power. Your power. But only if you act.

Fifth... I update this book every month. New browser exploit in the wild? I update it here. New technique for uncloaking Tor users? You'll read it here first. We all know how Truecrypt is Not Safe Anymore, but that's only the beginning. Besides, freedom isn't free.

Lastly... The scene from Jurassic Park with Dennis Nedry, I believe, is a nice frightful analogy to what happens if you don't take your security seriously. We see poor Dennis try to get his jeep out of the muck in the middle of a tropical storm. Lightning unzips the sky and the rain pours. The thunder rolls. A dilophisaur bounds upon him, beautiful and appearing curious. Yet boiling under his head lies a deadly secretion as it sniffs the air and cocks it's head at Nedry - moments before spraying his chubby eyes with poison. Blinded, he staggers back to the safety of the jeep, wailing and gnashing teeth, only to discover a visual horror to his right: he's left the passenger-side door ajar - wide enough to let Mr. Curious in for a juicy evening meal, which it savors with a row of piranha-sharp teeth.

The point is this: Don't be Dennis Nedry. There are far bigger creatures who'd like nothing better than to split your life (and family) wide open if for no other reason because THEY CAN. Such is the nature of the elite.

Unless, of course, you tame them...

Which is not bloody likely.

Is Tor Safe?

That seems to be the question alright. As to what the true answer is, it really depends on whom you ask, because there are always wolves in sheep's clothing out there who stand to gain from your ignorance. Many say no. A few say yes. The media, for all their expertise in things political and social, come up woefully lacking when something as complex as Tor is discussed.

Case in point: Gizmodo reported that a group of hackers managed to compromise enough Tor relays to decloak Tor users. If you're just hearing this for the first time, part of what makes Tor anonymous is that it relays your data from one node to another. It was believed that if they compromised enough of them, then they could track individual users on the Tor network and reveal their real life identities. Kind of like how the agents in The Matrix find those who've been unplugged.

Anyway as luck would have it, it turned out to be kiddie script-hackers with too much time on their hands who simply wanted a new target to hack. Who knows why. Could be that they'd toyed with the Playstation Network long enough and simply wanted a curious peak here and there. These were not superhacker-level NSA members, either.

But as is usually the case with the media, this attack attracted the attention of a few bloggers and tech journalists unsympathetic to Tor and frankly, ignorant of what really constitutes a threat. The Tor devs commented on it, too:

"This looks like a regular attempt at a Sybil attack: the attackers have signed up many new relays in hopes of becoming a large fraction of the network. But even though they are running thousands of new relays, their relays currently make up less than 1% of the Tor network by capacity. We are working now to remove these relays from the network before they become a threat, and we don't expect any anonymity or performance effects based on what we've seen so far."

What those conspiracy bloggers failed to report was that any decentralized network like Tor is a prime target for attacks such as the above. But to truly stand a chance at punching a hole through this matrix, hackers would need Tor to implicitly trust every new node that comes online. That just doesn't happen.

It also takes time for fresh relays to gather traffic - some as long as sixty days or more and the likelihood of being reported is rather high since the IP addresses are out in the open, which only speeds up malicious reporting. The real danger, and has been since inception, is scaring Tor users to less secure methods of communication. That's what the NSA wants. The CIA already does this in foreign countries. Now the NSA is following their lead.

The REAL Risk of Using Tor

I list them here before we dive deep into enemy territory so you'll know what to avoid before installation, and maybe get an "a-ha!" moment in subsequent chapters. As you read, remember that having Javascript on is really only a drop in the ocean next to what is possible for an enemy to kill your anonymity.

Javascript

It's widely known that leaving Javascript on is bad for a Tor user. Ninety-five percent of us know this, but the mistakes of the 5% get blown out of proportion and thrown into the face of the rest of us. Worse, many websites now run so many scripts that it seems as though they hate Tor users.

One site required over a dozen. Without it, the page was/is/will be pretty much gimped. Sometimes it's not even readable. You can imagine what might happen if you were using Tor and decided to visit that site if it were created to lure users into a honeypot. I recall one researcher claimed that "81% of Tor users can be de-anonymised."

Bull.

That 81% figure came about because the targeted users knew little about the NoScript browser add-on, and likely mixed Tor usage with their daily open net usage, providing ample data for a correlation attack. But that was just the icing on the cake. They left personal details *everywhere*; using the same usernames and passes they do elsewhere on the open net. Bragging about their favorite Netflix movies. Talking about local events (Jazzfest in New Orleans!). The weather (Hurricane in the French Quarter!). You get the idea. Much more on this later.

Volunteering as an Exit Node

Another doozy, though not quite the granddaddy of all risks. It's still risky. On the plus side, you as a valiant believer in anonymity graciously provide bandwidth and an "exit pipe" to the rest of the Tor users (hopefully none of whom you know) so that they may pass their encrypted traffic through your node. Generous? Certainly. Wise? If you live in the States... hale no, as my Uncle Frick in Texas used to say.

It isn't that it is illegal per se to do so. On the contrary, but what passes through your Tor node can land you in hot water if you live in a police state like my native Louisiana. All exiting traffic from your node (i.e. other people's traffic) is tied to your IP address, and as others have found, you put yourself at risk by what others on the other side of the planet do with your node.

Lots of new Tor users fire up BitTorrent that's been configured for Tor and suck down all the bandwidth. It makes for a very miserable Tor experience for other users. You may get served with a copyright violation notice (or sued), or perhaps even raided at 6 AM by a black party van if child porn ends up flowing out of your pipes. Think carefully and do your research before taking on such a risky charge, lest your computer be seized and your reputation ruined. Innocent men have gone to jail for their overconfidence.

Running an Exit Relay From Home

Running it from home is even worse then using cloud storage, and is infinitely more dangerous in the USA and UK than say, Thailand or Philippines. If the law for whatever reason has an interest in your Tor traffic, your PC may just be seized, yes, but that's only the start. In the UK, there are no 5th amendment protections against self-incrimination. Anywhere. A crusty old judge can give you two years just for not forking over the encryption keys. If they did have it, they wouldn't have bothered raiding your bedroom and spooking the bejeezus out of your cat at the crack of dawn.

Use a host instead that supports Tor. There is Sealandhosting.org, for one. They accept Bitcoins and don't require any personal info. Only an email. They offer Socks, Dedicated Servers, Tor Hosting and VPS as well as Domains.

We'll get into the nitty details later, but these are the Rules I've set for myself on occasion. I change them every year.

- Refrain from routing normal traffic through it

- Never do anything illegal (more on this later as it's a very grey area)

- Never put sensitive files on it (for ex., financial data, love notes, court documents, lawyer correspondence)

- Be as transparent as possible that I'm running a Tor exit.

- If I get complaints from ISP or possibly the university, I use this template.