6

Questions about Tor before installing it

Submitted by privacy_noob in Privacy

  • How are you supposed to access your email, bank, and other personal accounts using Tor?
  • Can you buy stuff from commercial websites given that we use credit cards to do that? Do I have to use a Visa gift card to be safe or eventually figure out BitCoin?
  • What's the deal with http websites? Just add a 's' to make it secure?
  • You can't use BitTorrent and Tor together, so do you people just not torrent stuff anymore? What's the alternative? Using another anonymous proxy that's not Tor? Is Megalinks different from torrenting?
  • You can't use YouTube on Tor right? Is HookTube the only alternative right now?
  • Don't a bunch of websites require JavaScript/Adobe to work? This is where Tallow comes into play right? Is it pretty straightforward to install?
  • How do I download PDFs and other docs for school if I'm using Tor? Use a PDF viewer built into Tor? Or Tails?
  • What VPN do you all use?

Comments

You must log in or register to comment.

4

boringskip wrote

Hooktube is fascist, pretty sure YouTube will use html5 if JavaScript is off. Tor Browser has JS enabled by default for HTTPS sites.

Not sure what Tallow is

If you use BitTorrent, use a VPN, not Tor, they're safe enough from the copyright police. Mega over Tor will be REALLY SLOW, and I think they use JavaScript.

PDFs can have a ton of malware, either use https://mat.boum.org/ or open them in a VM. Maybe the default Linux PDF reader is OK, I don't think it executes anything or makes internet connections. Someone correct me if I'm wrong.

I would suggest either AirVPN (it allows you to run servers behind it, too!), Cryptostorm is very secure but not for noobs, NordVPN is pretty trusted, and Private Internet Access was court-ordered to turn over logs and sorta proved they don't keep them. If speed isn't a concern, Riseup.net has a free one thats fine for occasional torrenting. But if you're just concerned with pirating, any VPN is fine.

2

zombie_berkman wrote

More or less everything said here, but a heads up riseup caved to a court order and can no longer be trusted. Not sure what ops threat model is tho

1

boringskip wrote

that was unfortunate, but i think it was just about a phisher. they've built in protections against that now, i don't think they had much choice

3

sudo wrote

How are you supposed to access your email, bank, and other personal accounts using Tor?

The easiest way to check your email over Tor is to download Thunderbird (an email client), and install the TorBirdy addon. That will route all of your email traffic through Tor. Be warned, though - using Tor to log in to a Gmail, Outlook, etc. email address will probably trip their safety programs. They may ask you to two-factor authenticate every time, which defeats the purpose of using Tor for anonymity, or they may decide to lock your account and force you to change you password every time you try to login via Tor. So, if you want to use email over Tor, you'll have to abandon any email addresses you have registered with email giants (which you should do anyway), and set up an email with a service like riseup.net or disroot.org. Both of them allow email over Tor.

You won't be able to do any online banking over Tor. Every bank blocks Tor traffic.

Can you buy stuff from commercial websites given that we use credit cards to do that? Do I have to use a Visa gift card to be safe or eventually figure out BitCoin?

I don't know, since I've never tried it over Tor. But I suspect they wouldn't allow it. Bitcoin or other cryptocurrencies are probably the way to go, but the drawback there is that bitcoin transactions use massive amounts of electricity, so that's not something I can support doing. Also, if you're blocking Javascript like you should be, that will mean that every major ecommerce website will not work. You might be able to buy something from a small business with a website designed in the 90s, but that's it.

You can't use YouTube on Tor right? Is HookTube the only alternative right now?

Without Javascript enabled, you will not be able to do anything on Youtube. That doesn't mean you can't watch Youtube videos anonymously, though. See this guide.

Don't a bunch of websites require JavaScript/Adobe to work?

Correct. Sadly, due to the danger of browser fingerprinting, it is too dangerous to enable Javascript to get these websites to work. You'll just have to find other websites that do the same thing that do work without Javascript, or just go without whatever you were looking for.

This is where Tallow comes into play right? Is it pretty straightforward to install?

I don't think so. From what I can tell, it just routes all of your computer's traffic through Tor. It's also for Windows, so if you care about your privacy, get the fuck off of Windows right the fuck now. Windows spies on everything you do. Back up all of your personal data to a flash drive, then, using another flash drive, install Linux on your computer. Fedora is a pretty good operating system, and it's not difficult to set up. Follow the guide I linked you to, but be sure to put the "live" version of Fedora on a different flash drive than the one you have all of your data backed up on.

What VPN do you all use?

Repeat after me: you do not need a VPN if you're using Tor. You do not need a VPN if you're using Tor. You do not need a VPN if you're using Tor. Anyone who tells you otherwise is either lying to try to sell you a VPN subscription, or they have been duped by the former. Tor already obfuscates your traffic very well, so adding an extra layer in the form of a VPN isn't necessary. Now that a free and more powerful alternative to paid VPNs exists, VPN companies are seeing their main source of revenue slipping away, so they're resorting to spreading misinformation to save their profit margins. Don't fall for it.

"But my country/ISP blocks Tor, so I need to use a VPN to connect to Tor!" No you don't. Use tor bridges. "But if I connect directly to Tor / use Tor bridges, my ISP will know I'm trying to hide something!" They'll also know you're trying to hide something if you connect to a VPN. If you use a VPN to connect to Tor, you'll be going around your elbow to get to your thumb, and you'll be paying for it, too. Just use Tor.

2

autonomous_hippopotamus wrote

agree with most of this

however, on the VPN point, while yes a VPN isn't necessary, many people say a VPN is helpful to either secure your information from the tor exit node, that using tor sources ones information from the VPN provider.

Do you know of any research that's been conducted that sheds some light on this issue?

1

sudo wrote

This is the first I've heard of this issue. If I may say so, that concern makes very little sense. Just exactly what information is being leaked to the exit node that using a VPN would help protect? As far as I understand it, the only information that an exit node can get about you is from any unencrypted traffic you send through it. If you encrypt everything (like by using https), then it will have no idea who you are, or what you're browsing. I fail to see how using a VPN would help in this matter.

Can you point me to where you found this argument? There could be something that I'm missing, but as of now, this still sounds like a VPN company spreading misinformation in order to stay in business.

1

autonomous_hippopotamus wrote

tldr: i think you are right that if you use https/ssl you should be safe from malicious nodes, though one thing i've heard speculated somewhere is since the feds probably host quite a few exit nodes they can launch deanonymizing attacks on particular hidden services... It seems there are arguments to be made that using tor with vpn has some marginal benefit, tho this is controversial, but it may be this is a myth propagated by vpn providers like you say.


I can't say where i heard these arguments the first time, but i see it pretty often, the longer comment by a user named Roya on Stack Exchange summarized it pretty well.

The one, less contentious benefit of using tor with a VPN is the ability to hide your Tor usage from your ISP while also hiding your online activity from the VPN. As argued by this Deep Dot Web article.

If you choose to use TOR over a VPN, the benefits are that you would be again, hiding from your ISP the fact that you are using TOR. Also, your VPN would only be able to see that you are connecting to TOR nodes and that you are sending encrypted data. The VPN would not be able to see what data you are sending over TOR unless they decrypted it, because remember, all information relayed over TOR is encrypted.

But then, you can get around the problem of hiding your traffick form the VPN by not using a vpn at all.

This article from the Tin Hat (also from 2014) makes a more explicit argument about hiding your traffic from a malicious exit node, but they don't go in depth.

But then, i should point out both Deep Dot Web and the Tin Hat contain advertisements for VPN providers on their page. So you might be right that it's bullshit.

2

autonomous_hippopotamus wrote

For Torrenting you can use Tribler, it basically has built in proxies, won't protect you from the cops, but good enough to protect you from copywrite police

Tribler has many other cool features, like built in search. It is somewhat buggy, however.

https://www.tribler.org

2

Solisition wrote

What's the deal with http websites? Just add a 's' to make it secure?

Generally the extension 'HTTPS everywhere' should handle that.

You can't use BitTorrent and Tor together, so do you people just not torrent stuff anymore? What's the alternative? Using another anonymous proxy that's not Tor? Is Megalinks different from torrenting?

You can use I2P for torrenting, guide found /w/AnonymousTorrenting

How do I download PDFs and other docs for school if I'm using Tor? Use a PDF viewer built into Tor? Or Tails?

Download it, go offline, then open it.

What VPN do you all use?

ProtonVPN