Going full private/dark on the net with Tor?

Hi.

I interested in how you set things up for zero leakage of data?

I’m interested in politics, but want to fly under the radar and keep away from all the nut jobs out there, in that space. But, I understand, that even while you use Tor, parts of your software and system can be back channeling information, revealing your identity. Such as playing a video or android system or hacker stuff dumping information (I’m going be using Android). But, how do you go fully private, and setup a website and forum site, communications, and surf, without anybody seeing information on you.

For instance, I had to sign-up with an email here, and the link on the verification email sent me to chrome instead of Tor browser, to complete the process. So, two big G’s (or thee or several, maybe a F too) know I’m here, and maybe my identity here too. :slight_smile:

Another thing is, I don’t understand all the settings in Torbrowser and orbot. They didn’t pack a helpfule to describe what you should do.

Thanks.

Re-edit: I should add: This is also a question of what cooperative apps, hosting services for websites, blogs, videos, audio and forums/subforums anonymously exists, that are also practical in censorship or low or no censorship? Any such ones offer revenue as well (have a few other projects aswell)?

Hello.

For a technical deep-dive into all considerations that have went into designing Tor Browser, please have a look at the design docs. Also see Hardening · Tor Browser. (I’m assuming you have asked about Tor Browser, but if you’re more interested in the Tor Protocol, do have look at the spec).

You can setup a Onion Service. (Setup guide.) Onion services allow people to browse but also to publish anonymously, including publishing anonymous websites. Onion services are also relied on for metadata-free chat and file sharing, safer interaction between journalists and their sources like with SecureDrop or OnionShare, safer software updates, and more secure ways to reach popular websites like Facebook, Twitter.

I believe this happened because you have Chrome set as your default browser and your email client simply opened it in that browser when you clicked on the link :slight_smile:
The Tor Forum is fully accessible (signing up, verification, reading, posting, etc. ) over Tor given that you are at least on ‘Safer’ Security Setting on Tor Browser (i.e. JS enabled).

There is a neat ‘Onboarding’ (click on the purple onion icon in the top left on the ‘About Tor’ homepage when you launch the browser) which gives the users a quick overview.

Also have a look at the Tor Browser User Manual (linked on the ‘About Tor’ homepage as well).

1 Like

Other option that you can consider is using an operating system like Tails. Check out what they are doing at https://tails.boum.org/

3 Likes

This topic was automatically closed 2 hours after the last reply. New replies are no longer allowed.

The previous topic got closed accidentally. I received some good information, but hardly anything related to the issues on using Android. The option to use standard android devices and services are desirable rather than rooting replacing Android with another device some or Linux, or carrying a second Linux device. What is needed is to take android. I’ve come up with some solutions of bits and pieces needed to go fully anonymous. I am desiring to be dark from private actors. Paid services used anonymously, should be used.

Previous thread:

I’m sorry if the list is convoluted, but it progressively covers items needed for a more and more complete solution:

[quote][quote=“sortof, post:1, topic:2624, full:true”]
Hi.

I interested in how you set things up for zero leakage of data?

I’m interested in politics, but want to fly under the radar and keep away from all the nut jobs out there, in that space. But, I understand, that even while you use Tor, parts of your software and system can be back channeling information, revealing your identity. Such as playing a video or android system or hacker stuff dumping information (I’m going be using Android). But, how do you go fully private, and setup a website and forum site, communications, and surf, without anybody seeing information on you.

For instance, I had to sign-up with an email here, and the link on the verification email sent me to chrome instead of Tor browser, to complete the process. So, two big G’s (or thee or several, maybe a F too) know I’m here, and maybe my identity here too. :slight_smile:

Another thing is, I don’t understand all the settings in Torbrowser and orbot. They didn’t pack a helpfule to describe what you should do.

Thanks.

Re-edit: I should add: This is also a question of what cooperative apps, hosting services for websites, blogs, videos, audio and forums/subforums anonymously exists, that are also practical in censorship or low or no censorship? Any such ones offer revenue as well (have a few other projects aswell)?
[/quote]

Ok. Sorry back, but as I’m unfamiliar with the controls and they are unlabled (as is the fashion since around android). So, I’ve accidentally selected champions response as a solution, trying to figure out how to quote his text.

Anyway, 100% how to do this on Android, which leaks data like a sifter.

  • System account sync and services leaks.

  • Any external service, such as video playing, google keyboard leaks information.

  • Google’s and F etc, cookie and other tracking ecosystem.

  • Everybodies leakage on Android.

So, I’ll ask about solutions for these and end publishing services. Pretty much looking for do it all apps rather them technical explanations.

Questions:

  • Sand boxing hypervising the torbrowsing experience, with its own secure keyboard spell checking services. Publishing document editor video etc (or secure versions in each it’s own Sandbox/hypervisor, like tails does on Linux).

  • All other traffic and system trafficking channeled, constrained and filterable (sandbox like), with false reporting. Such as to device (if possible) and google or others nothing appears to be happening, or something else appears that be happening, and different location, and timer set publishing release encrypted randomised time. Such, as it appears that data is happening but the published data timing leaks out in amongst the data, so time of publishing cannot be associated directly with a commit to publish on the user side (and extension would be that this data commit could happen anytime throughout random sections of the day the day, by having a constant data drip, which it is hidden in, even when phone is inactive. This would altert something is on your phone doing this, but not what and when actual things happen.

The above would constrain the data with false reporting, and of constrain what is running. Such a scheme was doable on the communications side years ago, using a VPN to make a firewall to capture all channels (but that disappeared, and who knows what they were capturing with those VPN services back then). So, the VPN might just channel the data back over the normal phone cellular data channels, just capturing and releasing, however, by using an actual tor service as VPN, and blocking or false reporting location, the data location could anonymised, made to aoiesr somewhere, or at a exit point location in the world. Each data channel has a virtual channel in and out, so that different pages and services dint appear connected by channel, and more anonymization would be needed to stop them from seeing each other, system details, apps and running services list and local networks etc, but it’s a start.

Combined with an list service to identify of spy services, apps, sites and behaviour, with neutralisation strategy and auto strategy, it would get around most android leaks.

A physical firewall intercept device attached around the attena area, to relay and release would work completely. This could be a phone in case strategy, where, at its simplest, the case is a consealed hotspot (only device can see it) and all other signals are blocked. The case can have its own wifi and cellular modem. The phone recieves signalling indicating it’s in Iceland, when it’s in the desert of Saudi Arabia. The local cellular network sees just encrypted data with an isolated celluar data service, and is blank to the actual phone’s identitiy. Of course, nobody who has something thinks like this, so such a thing is unlikely to be out there on this side of the other side. The isolated cellular in case looks suspicious, but if everybody does it, or it pretends to appear as another type of phone or same model of phone but different phone, and everybody uses cases, then it appears as non/suspicious as every other person doing it. This virtually closes the loop, except they will use ultrasonic or watermarked audio signalling, or other interfaces or screen light, or modulating the em feild by controlling the processing, to relay information (which the otherside, probably hasn’t figured out). You could go completely dark then, except the onion router could be upgraded to enhance this. I had an idea, but should mean that Tor network would need to anonymously charge to afford it. But, I can’t get into learning other people’s stuff. No fuss, it handles everything, with nice exception dialogues and options, is the way to go to get the wider public to use tor as standard.

The whole, you have chrome as default browser as to why it passes the confidential session link to chrome, breaking anonymity, is a classic case. What I was pointing out, is that there was no link process that detected the link to your browser. There was no forum signup linked to the browser notification/messaging service, with backup key, instead of email option. But such is. The minimum parts above, gets me away from being indentified by private actors, which is mostly what I need. You have to trust your state, if you can.[/quote]

Please don’t close this thread?

A post was split to a new topic: Why tor service establish this connection to ip 5.9.121.207?

I’m not following what this split off post has to do with this thread?

Thanks for restoring the thread, but maybe using the title of the new thread, mentioning Android, would attract better answers?

Thanks.

1 Like

@sortoff Did you check out CalyxOS? https://calyxos.org/

1 Like