How does Tor work


God Like
2008-10-29, 10:17
Well, I recently installed Tor so I can be anonymous on the internet. It seems to be working fine... and "where is my IP" says I'm located in Germany, which is very far away.

However, I still don't understand how it works... is there any chance I can be found?

Will the police have a way to see where I live?

Let me know.

tinit
2008-10-29, 11:24
Yes They Will Be Able To Track You.

www.google.com/maps

God Like
2008-10-29, 11:55
but seriously...anyone?

tinit
2008-10-29, 12:15
I was being serious in a way,

yes, they will be able to trace you down. TOR is good software, but it still isn't 100% untraceable, like every other program available on the World Wide Web to hide your IP etc...

Read the wiki page, it helps you understand:
http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29

What is it you're wanting to do on the net untraceable?

God Like
2008-10-29, 12:41
> I was being serious in a way,
>
> yes, they will be able to trace you down. TOR is good software, but it still isn't 100% untraceable, like every other program available on the World Wide Web to hide your IP etc...
>
> Read the wiki page, it helps you understand:
> http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
>
> What is it you're wanting to do on the net untraceable?

scam and phish paypals to purchase goods to a drop house

God Like
2008-10-30, 09:03
Am I safe?

tinit
2008-10-30, 13:53
I can't say for sure, but I wouldn't advise doing it. As long as you're on the net you're traceable to a point. Trust me.

scovegner
2008-10-30, 14:01
Tor is pretty much as secure as you can get at getting your connection anonymous ..
Basically there's a large network of computers for the Tor system, thousands of them, the tor software randomly picks 3 (I think it was) of them for your traffic to tunnel through, so it goes through each one at a time encrypted all the way, then you get to the 'exit node' which fetches your web document for you and sends it back through the tor network, still encrypted, back to you where the tor software decrypts it and shows you the web page ..
So for anyone to actually trace it they'd have to have control of all the 'nodes' that you go through, which are randomly selected out of thousands so there's an extremely small chance of getting your traffic traced to you even if someone gains control of quite a lot of the nodes, which they haven't ..

But, you can still lead people to you with what you do on the web, if you post personal information or accounts etc etc that link back to you, so you still have to be very careful with that so you don't get traced through your actions ..

God Like
2008-10-31, 08:05
> Tor is pretty much as secure as you can get at getting your connection anonymous ..
> Basically there's a large network of computers for the Tor system, thousands of them, the tor software randomly picks 3 (I think it was) of them for your traffic to tunnel through, so it goes through each one at a time encrypted all the way, then you get to the 'exit node' which fetches your web document for you and sends it back through the tor network, still encrypted, back to you where the tor software decrypts it and shows you the web page ..
> So for anyone to actually trace it they'd have to have control of all the 'nodes' that you go through, which are randomly selected out of thousands so there's an extremely small chance of getting your traffic traced to you even if someone gains control of quite a lot of the nodes, which they haven't ..
>
> But, you can still lead people to you with what you do on the web, if you post personal information or accounts etc etc that link back to you, so you still have to be very careful with that so you don't get traced through your actions ..

this is incredibly helpful, thanks a lot

redjoker
2008-11-02, 11:11
Just remember that if you try any big shit they will come after you a lot harder.

God Like
2008-11-02, 12:01
Also, when I am using Tor, PayPal won't connect as it says "connection refused- SOCKS" or something.

Any ideas?

ragesoadrules
2008-11-04, 04:20
I have Tor and I can't figure out how to get onto that .onion page.

I have no idea what to do.... can someone help me please?

redjoker
2008-11-04, 10:20
I wasn't even going to post and I don't really want to get into it so I'm just going to say don't use TOR from your home for anything illegal or important. I'm not going to write a huge article or explain it to anyone, just do a little bit of research and you'll see why. I'm mostly saying this for all the little noobs out there who are about to fuck up big time because they saw this thread thinking TOR could save their privacy. Never do any kind of illegal activity from your own home. TOR does not guarantee that you are safe or anonymous. It does help a lot though.

TL/DR: Don't use TOR if you don't want to take any chances at all. If you're feeling somewhat lucky and don't really give a fuck then go ahead and use it.

LSDPanic
2008-11-05, 22:30
agreed

just use public wifi

redjoker
2008-11-06, 00:43
That's how the pros do it. Then you could use TOR in conjunction with public/stolen sweet, sweet 802.11 juices to give em hell when they're trying to track you down.

Xafine
2008-11-06, 10:32
Don't forget, MAC address spoofing. Especially if your wireless card came stock with your laptop. =)

Dark_Magneto
2008-11-06, 14:26
> Don't forget, MAC address spoofing. Especially if your wireless card came stock with your laptop. =)

This.

Beat me to it.

The Missing Piece
2008-11-12, 00:39
How does Tor work though? I downloaded it a few days ago and do you have to use the Firefox included? I downloaded it since totse won't work for me on my laptop. The site won't work unless I use a proxy.

Tyler1986
2008-11-15, 01:15
Ok, I may be a noob, but how can I tell if Tor is working? I installed it, and have it enabled in my browser (Firefox), and then go to a place that shows my IP and location, spot on. So it's not working or I'm not using it right.

Edit: Ok, simple fix, I had foxyproxy enabled. As soon as I disable it, Tor worked, I was trying to use TOR with privoxy so foxyproxy must have been interfering.

Does anyone know a way to use a flash page anonymously? The page in question is 100% in flash. My login is now ignored, I'm guessing I'm identified by my IP address. I have a public wifi to use to access the site for the time being, but I'm using a macro on the site which violates its terms, so, I've taken more steps to make my macro seem less like a macro, and hopefully I won't run into the same problem, but if I do, I'm curious if there's a way to browse a flash site without the site knowing who I am.

padam
2008-11-17, 18:59
The people saying tor will make you safer aren't correct. The people saying tor might make you safer, that's more accurate. No one has seemed to mention the fact that it could have the opposite effect. Who's to say a good percent of the nodes aren't FBI honeypots? Hit a couple of them and you'd have been better off not using a proxy at all.

Your ISP almost definitely isn't watching unless they have a reason to.

Connect to a honeypot, and that's reason enough for the person running it to watch you.

scovegner
2008-11-17, 19:19
> The people saying tor will make you safer aren't correct. The people saying tor might make you safer, that's more accurate. No one has seemed to mention the fact that it could have the opposite effect. Who's to say a good percent of the nodes aren't FBI honeypots? Hit a couple of them and you'd have been better off not using a proxy at all.
>
> Your ISP almost definitely isn't watching unless they have a reason to.
>
> Connect to a honeypot, and that's reason enough for the person running it to watch you.

But you do realise that there are thousands of nodes connected to the tor network and you have 3 of them?

As an example, if there were 1000 nodes, and 100 of them were compromised,
You have a 1 in 10 chance of hitting one of the compromised nodes each time, you have 3 chances.
So in total, even if they had compromised 100 of those 1000 nodes, you'd still only have a 1 in 1000 chance, and I doubt there is anywhere near that number compromised, and that there are probably way more nodes in total than 1000.

padam
2008-11-17, 19:38
> But you do realise that there are thousands of nodes connected to the tor network and you have 3 of them?
>
> As an example, if there were 1000 nodes, and 100 of them were compromised,
> You have a 1 in 10 chance of hitting one of the compromised nodes each time, you have 3 chances.
> So in total, even if they had compromised 100 of those 1000 nodes, you'd still only have a 1 in 1000 chance, and I doubt there is anywhere near that number compromised, and that there are probably way more nodes in total than 1000.

That's all opinion, of course.

You're not proving in which order the nodes are assigned, either. If it's the fastest one, then your numbers are irrelevant. If it's the closest one, then your numbers are irrelevant. If it's in order - then eventually - someone will get connected to the FBI honeypots - and since you got to throw in your beliefs - let's say for the sake of argument that the people who do connect are locked up within 24 hours (or their computers are confiscated). That's -1 person out of the pool, and +1 chance you'll connect to one of the honeypots.

The fact remains. However small you believe the chance is - there is still a possibility that by using tor - you could be worse off than having not used it (assuming you're doing something illegal, which has been implied all throughout this thread). If it comes to your safety/privacy - you're probably using a proxy to eliminate the 'chance' of getting nailed - which is counterproductive when you introduce something that wouldn't be a threat otherwise.

Edit: +2 if they were acting as a server.
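
Added example, not part of any post in this thread: the arithmetic argued over in the two posts above (1000 nodes, 100 of them compromised, 3 hops), worked exactly for relays drawn without replacement, plus the non-uniform selection case padam raises. The `bad_weight` parameter and the 5x figure are assumptions for illustration; this is a simplified model, not Tor's path-selection code.

```python
from fractions import Fraction


def circuit_odds(total, bad, hops=3, bad_weight=1, good_weight=1):
    """Return (P(every hop is adversary-run), P(at least one hop is)).

    Relays are drawn one at a time without replacement, each with
    probability proportional to its weight. Weight 1 for every relay is
    the uniform "pick any node at random" case from the thread.
    Simplified model only (assumption), not Tor's real selection logic.
    """
    if not 0 <= bad <= total or hops > total:
        raise ValueError("need 0 <= bad <= total and hops <= total")
    if bad_weight <= 0 or good_weight <= 0:
        raise ValueError("weights must be positive")
    good = total - bad
    all_bad = Fraction(1)
    none_bad = Fraction(1)
    for i in range(hops):
        bad_left = max(bad - i, 0)
        good_left = max(good - i, 0)
        # i adversary relays already used: chance the next pick is one too
        all_bad *= Fraction(bad_left * bad_weight,
                            bad_left * bad_weight + good * good_weight)
        # i honest relays already used: chance the next pick is honest too
        none_bad *= Fraction(good_left * good_weight,
                             good_left * good_weight + bad * bad_weight)
    return all_bad, 1 - none_bad


def one_in(p):
    """Express a probability as '1 in N' for easier comparison."""
    return float("inf") if p == 0 else float(1 / p)


if __name__ == "__main__":
    cases = (
        ("uniform selection", 1),
        ("adversary relays 5x as likely to be picked (hypothetical)", 5),
    )
    for label, weight in cases:
        all_bad, any_bad = circuit_odds(1000, 100, bad_weight=weight)
        print(f"{label}:")
        print(f"  all 3 hops adversary-run: 1 in {one_in(all_bad):.0f}")
        print(f"  at least 1 hop adversary-run: {float(any_bad):.1%}")
```

The "1 in 1000" figure is the all-three-hops case; the same inputs give a much larger chance of touching at least one such relay, and both numbers move with the share of selection weight rather than the node count.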

scovegner
2008-11-17, 19:48
> That's all opinion, of course.
>
> You're not proving in which order the nodes are assigned, either. If it's the fastest one, then your numbers are irrelevant. If it's the closest one, then your numbers are irrelevant. If it's in order - then eventually - someone will get connected to the FBI honeypots - and since you got to throw in your beliefs - let's say for the sake of argument that the people who do connect are locked up within 24 hours (or their computers are confiscated). That's -1 person out of the pool, and +1 chance you'll connect to one of the honeypots.
>
> The fact remains. However small you believe the chance is - there is still a possibility that by using tor - you could be worse off than having not used it (assuming you're doing something illegal, which has been implied all throughout this thread). If it comes to your safety/privacy - you're probably using a proxy to eliminate the 'chance' of getting nailed - which is counterproductive when you introduce something that wouldn't be a threat otherwise.
>
> Edit: +2 if they were acting as a server.

Ok ..
a) You have to specifically set up a computer to act as a node, it isn't automatic. The number of users is often more than the number of servers on the tor network, and a large proportion do absolutely nothing illegal.
b) All traffic is encrypted, the servers in the chain apart from the one you connect to and the one that it exits through have no idea where it's come from or going to. To anyone looking at the data it's simply an encrypted data stream, which could be a shitload of different things ..
c) The nodes are, in fact, chosen completely randomly.
d) There is a list of nodes on core which are ones reported by users to be compromised, you can exclude these nodes if you so wish.
e) I'd much rather use tor if I was doing illegal activity than not use it, it adds an extra layer of (good) security.
f) There's not been any known attacks etc on the tor network, the police have only managed to shut down a few exit nodes on some vague terms, because they had seen those servers requesting illegal data.
g) Tor, combined with other security measures, such as using privoxy with it, connecting through wireless internet at random places, MAC address spoofing, can be pretty great security ..

Dark_Magneto
2008-11-18, 08:28
> g) Tor, combined with other security measures, such as using privoxy with it, connecting through wireless internet at random places, MAC address spoofing, can be pretty great security ..

If you do the aforementioned and use SOCKS5, how could you ever be caught if you were doing that?

It'd take a shitload of resources to subpoena all the necessary information and trace the source all the way back from its origin, and even then they hit a dead end at some idiot's unencrypted Linksys wireless router nowhere near where you live, the MAC address is fake, and you're long gone.

Shouldn't that make you pretty much bulletproof?

redjoker
2008-11-18, 10:58
> If you do the aforementioned and use SOCKS5, how could you ever be caught if you were doing that?
>
> It'd take a shitload of resources to subpoena all the necessary information and trace the source all the way back from its origin, and even then they hit a dead end at some idiot's unencrypted Linksys wireless router nowhere near where you live, the MAC address is fake, and you're long gone.
>
> Shouldn't that make you pretty much bulletproof?

Pretty much. By the time they get to origin (if they do) security tapes could be gone (if there even are any) and people most likely won't remember seeing you (if anyone did see you). If you were wearing big sunglasses and a baseball hat/hoodie then you're good to go.

Warsie
2008-11-19, 03:29
> Basically there's a large network of computers for the Tor system, thousands of them, the tor software randomly picks 3 (I think it was) of them for your traffic to tunnel through,

average is 6.

> I have Tor and I can't figure out how to get onto that .onion page.
>
> I have no idea what to do.... can someone help me please?

Are you running Firefox? Is the Torbutton extension included?

> I wasn't even going to post and I don't really want to get into it so I'm just going to say don't use TOR from your home for anything illegal or important.

Ditto. Use a library, public wifi or something to that extent to make it harder. Especially if you're running Windows OS.

> How does Tor work though? I downloaded it a few days ago and do you have to use the Firefox included?

You don't have to but it makes it damn easier to configure. I'm not sure about how you do it. Probably config from tools-options and the like

> f) There's not been any known attacks etc on the tor network, the police have only managed to shut down a few exit nodes on some vague terms, because they had seen those servers requesting illegal data.

some antis tried a DoS attack on some child porn sites hosted on Tor. It instead caused the whole network to brownout. Newer versions need to have a method of isolating that.

asilentbob
2008-11-19, 13:10
Tor doesn't give greater security to your data, it gives greater anonymity (that was a bastard to spell correctly, btw) as to who is sending/receiving data.

It will make it look like your traffic is coming from someplace other than it really is. HOWEVER, if you inadvertently send things to identify where you really are, then it's all for nothing.

Many sites can "trick" (or simply ask) your browser/computer what your external IP really is through, java, perl, flash, whatever, etc and you will inadvertently send it to them. The noscript (IIRC) Firefox plugin could help with this, but it's no guarantee that you won't inadvertently fuck yourself somehow. Which sites will and won't try to get this for some reason? Now... If you're using Privoxy with tor, it could help scrub identifiable info... if it's set up to do so. I haven't looked into Privoxy all that much, but it is just that, a filtering web proxy. You would also want to look into that user agent switcher plugin, and refcontrol, which can further control what info you possibly unknowingly send to sites about where you were referred from, whatever site you were at before...

In addition. Random programs you don't pay attention to could unwittingly give away your real external IP. Have anything that updates in the background? Or sends "anonymous" usage information? It isn't limited to what sites you visit with your browser either, some of Firefox's plugins can give away your info. Which ones? Hell if I know.

I keep a bookmark toolbar folder "checks" with bookmarks for various IP, tor, proxy, etc checking sites and links to tor documentation, default router passwords, a list of user-agents, portforward.com, and some connection speed test sites. So no matter where I am I can quickly get any info I need. For checking if tor is working properly I find this site most useful:
http://torcheck.xenobite.eu/
(there is also a https "mode")

**NEVER LOG IN SOMEWHERE UNLESS IT'S SECURE HTTPS** (though if someone is clever enough and determined enough they can still spoof it as I understand it. IE you think you're going to gmail and it looks secure and all and next thing you know you got nowhere and your wifi owner got your email and pass... correct me if I'm wrong here... iirc it would be a shit ton of work, but possible)

(Note, having not messed around with VPN shit before, this could be way off, this is just how I understand it with what I have read.. but it's been a while, if you know something is wrong, please correct me, VPN shit is something I'm very interested in learning more about, I just haven't had any free time lately.)
If you're wanting secure safe browsing for checking email and shit at public hotspots and random open wifi spots you come across... without inadvertently sending something identifying or useful in plaintext... secure VPN tunneling to one of your computers on your home network, then checking it from there is the safest way as I understand it as the traffic that is sent through the network is almost completely encrypted, so there is no way that the controller of the wifi can pick up any useful plaintext info via a traffic sniffer like wireshark (iirc)... Now this doesn't really help if you're wanting to do illegal shit... Unless you can set up a VPN connection with some computer in a country where it isn't illegal, and going from there. You would still have to be careful about inadvertently sending your real location, but yeah. I can only really imagine this being useful for pirating shit...

If that Tor check site could tell that your data is coming from a Tor exit node, other sites could find this out too, so tor isn't guaranteed to work anyways. The site might just recognize it as a Tor exit node and deny you. This is common with trying to use Tor on IRC. I have actually inadvertently tried connecting to IRC servers forgetting that I was using Tor and they shut me out. Your mileage may vary. The Tor network can be quite slow. You might consider helping relay traffic for other tor users, I'm mixed as to if this will actually help or hurt your anonymity... your ISP may come knocking.

To recap:
* Tor helps anonymity, NOT security.
* You can unknowingly shoot yourself in the foot.
* Good for visiting sites when you prefer that your browsing/searching patterns aren't collected and analyzed. Good for browsing pages that you would rather not be found browsing.
* privoxy can help. noscript can help (disable java/flash/etc). refcontrol can help. user agent switcher helps. torbutton rocks.
* If you want to check your email at public random open wifi, tor isn't the answer as it's for anonymizing, not securing, VPN is (?)

You can check what you're sending in plain text with some program like wireshark (it's been a while, I could be completely off)

It's late, if any of this is off... or way off. Please correct me.

I hope to see some awesome replies like tonight.

Warsie
2008-11-19, 23:50
> Many sites can "trick" (or simply ask) your browser/computer what your external IP really is through, java, perl, flash, whatever, etc and you will inadvertently send it to them. The noscript (IIRC) Firefox plugin could help with this,

Flashblock also helps regarding that. Flashblock blocks flash. and yes Noscript too


> The Tor network can be quite slow. You might consider helping relay traffic for other tor users, I'm mixed as to if this will actually help or hurt your anonymity... your ISP may come knocking.

actually it does help your anonymity. There are more nodes and that makes it harder for whoever to find you because the tor cloud is bigger.

Prometheum
2008-11-26, 02:55
Warning: I have not read many of the posts in this thread, mainly the longer ones.

Tor (and it's spelled like that, not TOR) is a variation on the classic Onion Routing protocol. here's a somewhat short guide:

Onion Proxy = Tor daemon running on your box
Onion Router = Tor daemon routing traffic on the network (tor server, tor node, etc)
Exit = last node in the hop
Directory Server = server which has a list of all Onion Routers
Bridge = hidden (unlisted on dirserver) Onion Router
torrc = tor config file

When you start up your O.P, it downloads a list of nodes from the directory server, along with some identification keys. It then starts picking circuits of three hops (always three hops, unless you modify the source code) of three OR's.

The OR's in these circuits are selected for a variety of qualities. Bandwidth is one, but geographic location is another, as is latency and ownership. You can specify nodes to blacklist/whitelist in your torrc. You will never get a circuit all owned by the same person (if they have their nodes configured honestly) and you will never get a circuit all in one jurisdiction.

Tor uses public key crypto to create (using ephemeral keys) encrypted tunnels between circuits. The crypto is wrapped around the data like an onion; each OR along the circuit peels off one layer until the real data is left at the Exit, which then forwards it to the site you're communicating with. After the site responds, the exit encrypts the response and sends it to the node nearest it in the chain, which does the same until the data gets back to you. Only the exit node knows its position in the circuit. All others (including the entry node) could be in either of the two positions.

Of course, Tor only provides anonymity, not security. You are putting your data through a completely untrusted network (you do that anyways, but in this case it's super-untrusted). Always use end-to-end encryption, like OTR IM messaging and HTTPS/other SSL protocols.

Tor also supports hidden servers. In this case, a server publishes a hidden service descriptor to directories, which then allow Tor clients to negotiate a connection to the hidden service. This is done by selecting certain introduction points to the service, which then allow the client and server to negotiate a rendezvous point. At this RP, the client and the server communicate over two Tor circuits (one from the client to the RP, and one from the server to the RP). This makes a six-hop chain. Note that all data sent to a hidden service is secure from eavesdropping, as it will be encrypted with the public key of the hidden service.

Tor is almost definitely impossible for a minor agency like the FBI or for any US state police or other local police to crack. The only organizations which could compromise Tor are those who have the capacity to monitor the internet connections everywhere. There are other attacks on Tor which you can read about elsewhere on the 'net. There are around 5000 nodes in the Tor network, with about half of that online at any given time (if not more, I'm being conservative) and those numbers are growing. It's impossible now for any hostile entity to compromise Tor just by running a lot of nodes, no matter how high-bandwidth they are.

Note well that Tor will only anonymize the location of your traffic: It can't magically strip out identifying elements from the transmitted data. This means that certain protocols like SMTP are somewhat insecure over Tor. Note also that improperly-configured browsers will reveal your identity, via client-side executing content (such as flash, javascript, and java). I have a howto for anonymizing IM and Browsing in the sticky, but it might be easier to download the Onion Browsing Bundle and the Onion IM Bundle from the Tor website, torproject.org (http://torproject.org).
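
Added example, not from the post above or from the Tor project: a toy model of the layering described in that post, showing what each relay in a three-hop circuit can read. Relay names, keys, destination and request are constructed; keys are simply pre-shared per relay and the cipher is an HMAC-SHA256 keystream stand-in, whereas Tor negotiates ephemeral keys with each hop.

```python
import hashlib
import hmac
import json
import os


def _subkey(key, label):
    # Separate encryption and MAC keys derived from one relay key.
    return hashlib.sha256(label + key).digest()


def _xor_stream(key, nonce, data):
    # Toy stream cipher: HMAC-SHA256 in counter mode as the keystream.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC one layer under a single relay's key."""
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key, blob):
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("layer does not open with this key")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)


def wrap(route, keys, destination, request):
    """Client side: build the onion from the exit layer outwards."""
    hops = list(route) + [destination]
    blob = request
    for relay, next_hop in reversed(list(zip(route, hops[1:]))):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = seal(keys[relay], layer)
    return blob


def peel(key, blob):
    """Relay side: strip one layer; only the next hop is revealed."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])


def relay_views(route, keys, onion):
    """What each relay learns: (relay, next hop, payload it passes on)."""
    views, blob = [], onion
    for relay in route:
        next_hop, blob = peel(keys[relay], blob)
        views.append((relay, next_hop, blob))
    return views


# Constructed sample data for the demonstration.
ROUTE = ["entry", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in ROUTE}
REQUEST = b"GET /inbox HTTP/1.0\r\nCookie: session=constructed\r\n\r\n"

if __name__ == "__main__":
    onion = wrap(ROUTE, KEYS, "mail.example:80", REQUEST)
    for relay, next_hop, payload in relay_views(ROUTE, KEYS, onion):
        print(f"{relay:6} -> {next_hop:15} sees request: {payload == REQUEST}")
```

Only the exit ends up holding the request in the clear, cookie included, which is the reason the post says to use HTTPS or another end-to-end protocol on top of Tor.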