Tor

Hi

I launch the Tor browser, and then it prompts me to connect to the Tor network, which goes smoothly. I can normally search using the DuckDuckGo browser, but as soon as I try to connect to the .onion network… … the Tor connection is unexpectedly terminated. It tells me that the cause might be a Tor bug, another program on my system, or faulty hardware, blah blah blah.

This happened to me starting today. Yesterday and previously, everything was fine. Im on Mac.

Using orbot on ios I can’t access certain websites is this normal, before I could access the same websites I now can’t. Can anyone help or give some advice

I'm currently using tor in tails Linux, however I don't want my ISP to know that I'm using tor, what should I do,

I know that as a general rule of thumb javascript poses significant risks. That is not my question.

To elaborate on my flow with the tor for now it's more or less like this:

1. I keep tor up to date and from time to time update my bridges
2. I access some onion resources alongside the clearnet ones.
3. Since password management is a bit clumbersome I have a self-hosted hashicorp vault instance (for those unfamilar think of this just as a "secure web pass manager, where you don't need to trust random password managers not to leak your data") that does not by itself has access to internet in any kind of way. I use that instance both when using clearnet outside of tor, both for my work and personal.

But for many reasons vault will not work without javascript. I tried to press a few buttons in NoScript to try to enable JS globally on my domain specifically, but it doesn't seem to work, I still just get a blank page.

Trying to google how to do this doesn't give any information apart from "yes, you can configure it with noscript".

The question is how?

Hi u/all,

I received the following email from my hoster yesterday evening:

A security incident has been detected on your IONOS server.

We have been informed that attacks have been carried out from your server against third parties.

Host / IP of your server: MYIP address

Details of this incident can be found at the end of this email.

To restore the security of your compromised IONOS server, the following measures are necessary:

remove affected files and services

Please analyse which services, software and files have been stored or modified by third parties on your server. Remove these or correct the changes made within 48 hours.

2. protect yourself from future attacks

Always keep the operating system and the software used on your server up to date. Also change all passwords that are or were stored on your server (e.g. for mail servers, external services, databases). It is highly likely that these were stolen by the attackers.

3. inform us about the measures you have taken

Please always give us brief feedback after you have cleaned up the server. Please leave the ticket number [Ticket AB136070868] in your message.

Note: If the security incident is not resolved within 48 hours, we will have to take your server offline.

Tip: If it is not possible to clean up the server, please reinitialise it. We also recommend that you check your backup before restoring it.

We look forward to working with you to ensure the security of your server. Thank you for your co-operation.

Details of the incident:

30-Oct-2024 14:12:29 BLOCKED attempted-recon MYIP address 0 202.91.x.x 22

30-Oct-2024 15:03:42 BLOCKED attempted-recon MYIP-Address 0 202.91.x.x 22
30-Oct-2024 15:10:48 BLOCKED attempted-recon MYIP-Address 0 202.91.x.x 22
30-Oct-2024 15:13:21 DENIED MYIP address 18697 TCP 202.91.x.x 22
30-Oct-2024 15:32:11 DENIED MYIP address 39594 TCP 202.91.x.x 22
30-Oct-2024 15:45:53 BLOCKED attempted-recon MYIP-Address 0 202.91.x.x 22

Kind regards

Your IONOS customer service

The stupid thing is that I'm not at home at the moment and don't even have a computer available. I connected via SSH from my mobile phone and couldn't find anything suspicious.

How should I react?

I don't really want to draw ionos' attention to the relay. The safest option (in terms of ionos' reaction) would be to shut down the server a few days and then simply reinstall it.

It's a Ubuntu 22.04 with nothing more in it than Tor, so reinstalling should be don in less than a hour.

Better ideas?

Update: It seems to be a bigger thing e.g.:

https://forum.torproject.org/t/tor-relays-tor-relays-source-ips-spoofed-to-mass-scan-port-22/15498

https://www.reddit.com/r/TOR/comments/1ggl285/comment/luu4ezx/

But the question stays the same. How to react against the holster?

Update II:

Here is what I wrote to IONOS. My goal was to get rid of the problem without making it too clear that there is a Tor relay running:

Hello IONOS team,

With regard to your message about the security incident, I have checked my server extensively. I could not find any evidence that the server was compromised or that SSH login attempts were made to the IP address 202.91.x.x. I suspect that my IP address may have been the target of an IP spoofing attack. I therefore suspect that my IP address may have been the target of an IP spoofing attack.

I have taken the following Actions:

1. checked SSH logs

2. analyzed the syslog

3. checked network connections

4. searched for suspicious processes

5. checked recent system file changes

6. checked SSH configuration

7. user accounts checked

8. performed a system update

I have also installed and activated fail2ban to protect the server against unwanted access in the future.

If further measures are necessary, please let me know.

Thank you very much for your support.

My country just banned some if not all social media(YouTube included) (for political reasons) for a few weeks leading to the elections. Could I rely on Orbot just to bypass these bans? (Also , should I recommend this to my friends?)

Exploring the Tor Browser and its functionalities, particularly in relation to privacy and security. Could provide any resources on how to effectively explore and utilize Tor?

I dont want to downgrade but i keep getting errors for mac and it keeps disconnecting me whenever i try to go on any site. Its annoying.

Anyone else having issues with Tor while having a MacBook? Eveything was working fine until last night, and now I can only see the Home Screen but if I decided to search will tell me to restart browser and I have multiple times, I’m stuck ://

I'm still new to Tor. I'd love any advice. Currently using it on my phone. I'm trying to get to the dark web. I'm looking for a few specific things

I'm lost

it is not at:
TorBrowser/Data/Browser/profile

I am interested in running a tor client with a maximally-locked-down firewall configuration to reduce the risk of compromise. My thought was to pick ten relays and allow the client to connect to those servers on the port they serve, and nothing else.

As a new user, I'm unsure how well this will work. Do the available relays rotate very often? Is 10 enough? Would 1 suffice? Thank you for any comment.

So first just go here and read this thread, make sure you read the comments https://www.reddit.com/r/TOR/comments/1gdcotg/i_just_installed_tor_browser_on_ubuntu_2404_and/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

So yeah what's going on, can I safely ignore that message? Did you read the comments? One person told me that if you install Tor using one of the package managers then you'll be fine, that I'm getting this message because I installed Tor directly from the Tor website.

Ok so I do remember installing Tor using flatpak about a year and a half ago I'd say, or maybe even 2 years ago now, and what flatpak will do is it will install the Tor Browser launcher on your computer and then from there you can launch Tor and install it. Thing is the Tor Browser launcher was broken, it was broken for at least over a year.

Yeah the Tor Browser launcher was broken for a long time so I just gave up on it. Does it work now? Does it work on Ubuntu 24.04 LTS?

So yeah I gave up on the tor browser launcher and just started downloading Tor from the Tor website and installed it this way. In fact, many tutorials will tell you to download Tor from the Tor website and install it this way.

So yeah can I get some second opinions here? So apparently installing Tor from the package manager will fix this? Keep in mind any package manager is going to install the Tor Browser launcher though, and the Tor Browser Launcher was broken the last time I used it, did they finally fix it?

Just an FYI I'm on Ubuntu 24.04 LTS.

As the title suggests, I am trying to get a sense of both (Windows 10)

1. Ensure that TOR, in any implementation, is working correctly with a "default block - all" (outbound) security posture set with the WFP

2. an alternative re-statement of #1

what "holes" do I need to poke with the WFP to allow for full TOR usability

An addendum to #2:

Are there any core windows services, eg those that are DLL based and run through SVCHost.exe, that work to support the operation of the TOR browser (eg the Firefox, Tor, lyrebird, snowflake-client, and conjure-client executables) and must have internet access (IIUC about how WFP works, the ability to create sockets?)

Lets assume for simplicity that I am speaking of the browser only....

However, it would also be very useful to know about the systemwide Expert bundle as well.

As the title suggests, What is the working library and documentation related to it. That and if there is any other way.
Thanks!

Problem mac connextion with tor I receive à message to reboot tor each time cant do anything i saw post on this topic but not found have you news about this problem?

I m creatin an hidden service my website works very well I need to put it on tor But django + tor its complicated my Classic website is on root/monero_shop I will put the tor hidden service on var/www is it good i need to put link to 117.0.0.1:80 Could you help le i will put picture this evening

In about:config, there's a lock beside this setting, and the default setting can't be changed. This used to be allowed.

This breaks several websites I use including Reddit and a site I work on that this setting breaks as an inadvertent side-effect because of a third-party library I can't change. I used to use Tor for testing from different locations, but I can't any longer after control of this setting was taken from us. We shouldn't take control from users.

Hello everybody. Since my last post, I've using tor on my tails OS via USB drive. NO issues and works smoothly. Yesterday, I got this windows 10 laptop from my company which I joined as intern. This company provides data security to other government agency or organization. So I have to do all my work on this OS due to companies policy. So, these are my questions:

1: Is windows 10 or 11 is spyware. Can they(or who knows they're already) spying there users.

2: Is MacOS a spyware. I can ask my company to provide a macbook.

3: If the answers is yes to 1 & 2, then how can I install tor by 100% anonymously(I'm thinking I made mistakes while installing tor on my primary computer last time) and use it 100% anonymously.

I have to start working on this project that they gave it to me and trust me, it requires 100% anonymity(due to working with Indian government defense and space programs). So, give me as fast as possible reply and plzzz give me suggestions, guide, advice like your little brother.

I need to get Turkish nodes, but the problem is that I use a bridge because Tor is blocked in my country. In this case I can't use EntryNodes/ExitNodes, Tor gives me an error. I could use ExcludeNodes to exclude all countries except Turkey, but then the bridge wouldn't work (except for Turkish). Maybe there is a way to get Turkish bridges or is there another option?

However, be aware that when using Tor and another browser at the same time, your Tor activity could be linked to your non-Tor (real) IP from the other browser, simply by moving your mouse from one browser into the other.

Hi, I started 3 Tor nodes on 3 different VPS running Debian 12 hosted in RU. The VPS provider is fine with this.

Tor relays have been active since 3 weeks when I check with command "systemctl status tor" but my relays are not recognized when I do enter IP addresses on ExoneraTor and Relay Search.

Why?

Traffic graphic shows servers used between 4GB and 8GB traffic. Mostly incoming traffic.

I also asked ChatGPT and it is talking about "PublishServerDescriptor" in torrc file which I do not have in my config torrc config.

Thanks

Good morning, I would like to know if it is possible to know how many people are simultaneously passing through a hypothetical Tor exit node, let me explain better, if I visit some pages, I think I understood that the latter to which I connect can only see the IP of the exit node, and this already makes me understand that it is obviously not possible to trace the source, but I assume that it is even safer in terms of identity to find yourself "mixed" with other people on the exit node at the same time, is that right? Furthermore, is it possible to understand if a user X has some pages open in particular or is everything "mixed" with the other users? I hope I was clear, thanks to those who can give me clarifications. Have a good day.

Sometimes, two or even all three nodes are from the same country. When I try to establish a new Tor circuit, there is still a high chance that this will happen. Is there a way to exclude specific countries or ensure that each node is from a different country?

I'm just creating this for the newbies who might find it confusing how to install TOR cause there are multiple ways to install TOR and it can be confusing if you're a newbie to Linux.

So listen, there are multiple ways to install TOR but the best way to do it is to download the Tor Browser from the Tor website itself, here this tutorial will show you how to do this https://itsfoss.com/install-tar-browser-linux/ you don't have to verify the file, I've never personally done this. But yeah this tutorial is totally correct.

It's ok to not verify the file right? I mean I never have.

Yeah the best way to install Tor on Linux is to download Tor from the Tor website.

I created a folder called "applications" in the home folder and moved the Tor download there.

Now in that tutorial you'll see "Once the file is executable, open a terminal in that location." So this part might be confusing if you're new to Linux. So literally right here https://imgur.com/a/05ljsFj you would right click in the white and click "Open in Terminal" it's that easy.

I just remember how when I was new to Linux it was very hard to get Tor installed. I remember trying so many different methods and nothing worked. It took a few years for me to sort of become familiar with the command line.

So I've created this tutorial cause there might be some newbies in the future googling trying to figure out how to install Tor and this should show up in the search results. Just tryin' to do my part is all.

How to uninstall Tor. So yeah in this tutorial he tells you how to uninstall Tor https://itsfoss.com/install-tar-browser-linux/ but thing is, it didn't work for me.

rm ~/.local/share/application/start-tor-browser.desktop

Doesn't work for me.

rm -rf ~/.Application/tor-browser

Didn't work either.

And nothing here https://askubuntu.com/questions/1388996/cant-uninstall-tor-browser works for me either.

So here's how I successfully uninstalled Tor. Well you know the Tor download you downloaded? Simply delete it, delete that folder that has Tor in it. Also go in your home folder and search "start-tor-browser.desktop" and scroll till you find it and delete it. And make sure you empty the trash. Now Tor should successfully be deleted from your computer.

Cause sometimes Tor will act glitchy and you may need to uninstall and reinstall it.

Here I took a screenshot of it https://imgur.com/a/cFFy4bq

and this is the message I see when I follow the link "How to fix this issue"

https://imgur.com/a/OtHET2E

https://imgur.com/a/2l6fQUH

So what is this all about and can I ignore it?

Man I just hate the fact our every movement is followed on the open internet so I try to use the tor browser as often as possible. We really are headed toward a world where we just won't have any privacy anymore.

In Norfolk, Virginia they're suing the police cause the police put up cameras all over the city that use AI to automatically take pictures of your car, it will create a fingerprint of your car. So now you can't drive anywhere in Norfolk without being tracked by these cameras. In fact the company behind these cameras has put these cameras up all over the country so theoretically you could be tracked all over the USA.

We're gonna find ourselves living in a world where we're tracked online and we're tracked in the real world as well.

So they're suing the police saying these cameras violate the 4th amendment. I mean 1984 is quickly becoming a reality. https://arstechnica.com/tech-policy/2024/10/lawsuit-city-cameras-make-it-impossible-to-drive-anywhere-without-being-tracked/

4th amendment:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.