/d/OpSec icon

/d/OpSec

15,203 subscribers

Discussion about OpSec, Threat Models, Protection, Assessment and Countermeasures.

For the Newcomer & those Who Need to Remember (Pinned post)

by /u/HeadJanitor Moderator · 22 votes · 2 weeks ago

PRIVACY
If you don’t want your hotel or your ISP to know you use Tor, use a VPN.
(The VPN will be your first hop.) Never use a free VPN (marketeer-Promoter/business or academic one).
Entering Tor, first you will be presented with an Entry Guard. The Entry Guard may stay with you for 2-3 months. Set your browser’s homepage to “About Tor” or “Blank Page.
The only BIG one.
Most importantly, go to about:config and manually disable JavaScript. This is the most important note in this whole post, so I will repeat it. Most importantly, go to about:config and manually disable JavaScript. Graphically set Tor to “Safest Mode” under “Privacy & Security” | Security (if you have that option).
When using the Tor browser, never click a Clearnet link (example: www.new.com/major-emergencry/); you will give yourself away and may encounter the Malicious Exit-Guard. Switch to a Clearnet browser for that purpose.
IN THE MARKETPLACE When you arrive at the marketplace? Time to switch gears to intuition and logic. How did you arrive here? Did you click on some link? Did you blindly trust some link?
[/td] Verify and authenticate the marketplace. Learn to do so. Don’t be afraid to ask how. Practice.
When you are in a market, calm down, go especially slow during checkout and double-check what you are submitting.
ALWAYS encrypt your personal information and NEVER let the market do it for you. That was an always statement. Remember it.
Be courteous with the vendor. Remember; you are anxious, he is rushed. You might have to learn to wait. Don’t let your deal Auto-Finalize. That’s your responsibility.
Absolutely never pay the marketplace from the legitimate cryptocurrency exchange. That was an always statement. Remember it. You pay from your own wallet.
When making the transfer, add an extra dollar or two for the transfer to make sure you do not come up short and have to re-do the process. Markets tend to hike up actual prices and add transfers fees and you don’t want an exact monetary exchange taking place. The rest stays in your wallet.
SAFETY & SECURITY Do not under any circumstances be complacent when in the marketplace. If you are tired, wait another day. It won’t kill you and you will reduce your risk of doing something irreversible. This isn't Amazon.
Product Reviews Do not upload photos to a Clearnet website. You are uploading physical evidence of a potential criminal prosecution what you obtained and possibility used in a crime and signing for it and the property no longer belongs to you once you have uploaded it, especially since it is now on the Clearnet time-stamped with the IP you visited and your browser data.
Security Tor keeps a decentralized distributed hash table between onion relays. So, by exiting dread's onion and connecting to a .com site you then exit the safety of TOR's network, resolve for a DNS, give that domain your IP, make a handshake and access it and along the way you may encounter the Malicious Exit Node.
Security If you want more anonymity, do not mix together the two worlds.
Security When you visit a hidden service (like Dread), it works differently as there are no IP addresses involved; the hidden service connects (over TOR) to a non-egress node called a “rendezvous server” and you ALSO connect to that same rendezvous server (also over TOR) - the rendezvous server then joins up the two connections and you don't lose your anonymity.
CERTAINTY “How do you know you are on Dread?”
Look at the bottom footer. Find the Canary and Bookmark /u/Paris’s Main Dread URL. That URL will never change.
Do not under any under circumstances trust dark.fail or any other 2nd, 3rd, 4th party. Learn to be self-reliant.
Read the latest copy of the DNM Bible.
If you did not understand something ask a trusted moderator or post a question in the correct sub-dread.
Don't be afraid. This just might be serious, but not at first.
Fingerprint attacks are getting more sophisticated by the day.
GPG Learn GPG/PGP/OpenPGP like your life depends on it. We are on PGP version 2.3.3 but GPG 1.4.23 still works fine. The point being — use it to encrypt your message to the vendor — no matter what. That was an always statement. Remember it. NEVER make a PGP key online. Set RSA Keys to 4096 and expiration to never and use a strong pass-phase key.
TOOLS Make use of obfs4 bridges they are fantastic in protecting your anonymity and I personally get speeds of up to 6.4 Mbps
TRICKS Avoid the Exit Node: how? Once you are done with Dread or with your Market logout and close the browser. Do not go elsewhere. It ends right then and there. Shutdown.
TRICKS The more people there are on Tor/Dread — the safer you are. Embrace the benefits of osf4 bridges.
K.I.S.S. Learn to practice patience. Do not count weekends. Do not repeatedly message the vendor. You are one of many clients and all this involves risks. Join sub-forums. Read and write reviews. Engage in the community. It will give you a whole new sense of understanding and will open doors for you.
Very important: Use a different username for each market.
Very important: Tor has A LOT of vulnerabilities — all the more reasons for you to be on guard.
Very important: Passwords are your greatest weakness. Learn to rely on KeepPassXC.
Very important: Learn to rely on KeepPassXC for your passwords and bookmarks.
Very important: Never re-use the same password.
Very important: Use a different PGP for each market. Don't leave trails.
Very important: Never log into two or more sessions at once.
Very important: Never log into two or more sessions at once.
Very important: Never log into two or more sessions at once. EVEN at different sites.
Why: This was written by an anonymous /d/Dread user named /u/HeadJanitor in /d/OpSec for the newcomer at Dread and those who need to be reminded. I have a built-in forgetter. Question everything I've written; do your own research. Do not be afraid to ask questions, it could end up saving your ass. Dread is your safety but so are you. Don't allow people to make you feel less than if you use Windows. You are normal. You'll soon to learn new things.
Comments (92)
/u/Gorgon · 4 votes · 2 weeks ago · Link

If you are tired, wait another day -- I would change this to: If you are tired, or drunk, or stoned/baked, wait another day.

> Learn GPG/PGP/OpenPGP like your life depends on it.

> We are on PGP version 2.3.3 but GPG 1.4.23 still works fine.

> The point being — use it to encrypt your message to the vendor — no matter what. That was an always statement. Remember it.

Indeed. There was a beloved vendor on Silk Road by the name of PlutoPete. He and his associates ran an online headshop, which still exists. His business was legal, he kept proper business records and paid his taxes. The goods he sold were perfectly legal -- one of the main items was heat-sealable mylar bags. Many of the people he sold to used these bags to prepare drugs for shipment in the mails. He had a PGP key, but he didn't always use PGP when corresponding with his customers using Silk Road's PM system. This is what brought him down. He spoke of being in court, and listening while his cleartext PMs were read aloud into evidence against him. The problem wasn't with the mylar bags themselves -- they were (and are) perfectly legal -- it was who he sold them to, and what use his customers made of them. In the eyes of that law, that made him an accessory after the fact, for which he spent something like 3-1/2 years in prison. He stated that if he had used PGP consistently, he never would have gone to jail.

/u/[deleted] · 2 votes · 1 week ago · Link

[removed]

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Oh, man. I loved reading this -- the honesty about being not just being tired but 'out of it' and the wisdom it takes to pause and say 'wait another day'.

Makes me sad to hear of such devastating misfortune: hearing your own words read back to you.

Just the other day I was trying to figure out how I could create a gpg2 RSA cypher 4096 with ECC Ed22519 and embed it into Dread -- but it cannot be done. The best I could do was an 8192 key. I removed it to add proper subkeys.

Listen, I really appreciate you taking the time to teach us this valuable lesson here. It's surely a sad ending but hopefully his life changed, somehow, for the better. It sure hit home.

/u/Gorgon · 1 votes · 2 weeks ago · Link

> Just the other day I was trying to figure out how I could create a gpg2 RSA cypher 4096 with ECC Ed22519 and embed it into

> Dread -- but it cannot be done. The best I could do was an 8192 key. I removed it to add proper subkeys.

You mean a key like this?

pub rsa4096/0x0DF5A849E873BC8A 2021-11-19 [SC]

79519B1661295FC9A5B11EC80DF5A849E873BC8A

uid [ unknown] Test <Test@Test>

sub cv25519/0x01A7CF69F301EAFF 2021-11-19 [E]

The trick is generating a regular 4096-bit key, then editing the key to remove the RSA sub-key, and using the addkey command to add an ed25519 encryption sub-key. Takes about 30 seconds.

Haven't tried embedding it into a Dread account yet, but generating the key is simple when you know how.

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Please select what kind of key you want:

(1) RSA and RSA (default)

(2) DSA and Elgamal

(3) DSA (sign only)

(4) RSA (sign only)

(7) DSA (set your own capabilities)

(8) RSA (set your own capabilities)

(9) ECC and ECC

(10) ECC (sign only)

(11) ECC (set your own capabilities)

Your selection? 9

Please select which elliptic curve you want:

(1) Curve 25519

(2) NIST P-256

(3) NIST P-384

(4) NIST P-521

(5) Brainpool P-256

(6) Brainpool P-384

(7) Brainpool P-512

(8) secp256k1

Your selection? 1

0 = key does not expire

Is this correct? (y/N) y

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

ed25519/7C406DB5 is the primary key, and cv25519/DF7B31B1 is encryption subkey.

Next, we add authentication subkey which can be used with OpenSSH. We invoke gpg frontend with --edit-key and the key ID.

$ gpg2 --expert --edit-key 7C406DB5

gpg (GnuPG) 2.1.8; Copyright (C) 2015 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec ed25519/7C406DB5

created: 2015-09-11 expires: never usage: SC

trust: ultimate validity: ultimate

ssb cv25519/DF7B31B1

created: 2015-09-11 expires: never usage: E

We invoke addkey subcommand.

gpg> addkey

It asks a kind of key, we input 11 to select ECC for authentication.

Please select what kind of key you want:

(3) DSA (sign only)

(4) RSA (sign only)

(5) Elgamal (encrypt only)

(6) RSA (encrypt only)

(7) DSA (set your own capabilities)

(8) RSA (set your own capabilities)

(10) ECC (sign only)

(11) ECC (set your own capabilities)

(12) ECC (encrypt only)

(13) Existing key

Your selection? 11

Possible actions for a ECDSA key: Sign Authenticate

Current allowed actions: Sign

(S) Toggle the sign capability

(A) Toggle the authenticate capability

(Q) Finished

Your selection? a

Possible actions for a ECDSA key: Sign Authenticate

Current allowed actions: Sign Authenticate

(S) Toggle the sign capability

(A) Toggle the authenticate capability

(Q) Finished

Your selection? s

Possible actions for a ECDSA key: Sign Authenticate

Current allowed actions: Authenticate

(S) Toggle the sign capability

(A) Toggle the authenticate capability

(Q) Finished

Your selection? q

Then, it asks which curve. We input 1 for "Curve25519".

Please select which elliptic curve you want:

(1) Curve 25519

(2) NIST P-256

(3) NIST P-384

(4) NIST P-521

(5) Brainpool P-256

(6) Brainpool P-384

(7) Brainpool P-512

(8) secp256k1

Your selection? 1

It asks confirmation. We say y.

gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard.

Use this curve anyway? (y/N) y

Really create? (y/N) y

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Yeah, won't embed. Fine by me. Just tinkering.

/u/Gorgon · 1 votes · 2 weeks ago · Link

Fair enough. Don't really see what the point would be, in the sense that the key would not be usable by people still using GnuPG 1.4.23, for example. Nevertheless, it is still interesting to see how far the software can be pushed.

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

My thoughts exactly. I'll keep it realistic is 4096 and 2 subkeys, revocation key, monster entropy, but like you brilliantly wrote, it is still interesting to see how far the software can be pushed.

/u/waxwing · 1 votes · 2 weeks ago · Link

I always wondered what happened to him - thanks for the info.

/u/BravoLava · 2 votes · 2 weeks ago · Link

Thank you, this is great!

One question: why never log into more than 2 sessions at once? Do you mean having multiple tabs open and logging into different forums/markets on each tab?

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

It is about being time-correlated. Your session/circuit was at two places at the same exact time creating a symmetric session key with a relay node making it all the more possible to fingerprint you and/or your transaction because of the way sessions work in Tor -- multiple TCP streams over one session.

/u/BravoLava · 1 votes · 2 weeks ago · Link

Gotcha. Thanks.

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

No prob. Have a great day. Be safe & have fun.

/u/MaNiToBa · 1 votes · 2 weeks ago · Link

Taking advises very seriously, Thanks!

Question: What is the proper way? If, for example, am in dread:

- Not to navigate to any other site?

- When I need to go to other sites:

a) get a new identity?

b) get a new Tor circuit for this site?

c) close the tor browser completely and open again?

d) all of the above?

Thanks!

/u/HeadJanitor Moderator OP · 2 votes · 2 weeks ago · Link

a) a new identity when you want to go from Dread to a marketplace

b) a new circuit when things are very slow

c) close the browser when you are done to avoid encountering a malicious exit node

/u/aClockworkTangerine · 1 votes · 2 weeks ago · Link

The only free vpns I'd trust are Calyx and riseup no others

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

The Calyx Institute is a privacy supporter who has fought for constitutional freedoms; that goes beyond a saying. I have no opinion on Riseup; they're too veiled for me. My emphasis was on things like 'Windscribe' and 'Proton VPN,' of course.

/u/Cdf22DFD8Hj · 1 votes · 2 weeks ago · Link

https://calyx.net/ this one?

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Yes, that's their VPN for Android, Linux, Windows and Mac.

/u/Cdf22DFD8Hj · 1 votes · 2 weeks ago · Link

when I try to download it, I get the error on tor for a security risk

##Someone could be trying to impersonate the site and you should not continue.#Error code: SEC_ERROR_UNKNOWN_ISSUER#

Is it save to continue ?

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Are you familiar with F-Droid?

/u/Cdf22DFD8Hj · 1 votes · 2 weeks ago · Link

I am not unfortunately

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

F-Droid is a repository like the Google Play store.

We'll get to this tomorrow unless someone helps you out first.

It is safe.

/u/Cdf22DFD8Hj · 1 votes · 2 weeks ago · Link

ok so I will download f-droid first and then I can find calyx in the f-droid app. Thanks a lot man

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Is this for a phone or desktop?

/u/Cdf22DFD8Hj · 1 votes · 2 weeks ago · Link

android phone

/u/Cdf22DFD8Hj · 1 votes · 2 weeks ago · Link

oh 1 more thing. calyx also hides my ip when using the google authenticator app ya?

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

As a VPN, it ought to.

You are going to need a software like ES File Explorer or CS File Explorer, perhaps, to install. I'm not into phones much but I've used F-Droid plenty.

/u/Cdf22DFD8Hj · 1 votes · 2 weeks ago · Link

ok will check it out. thanks a lot man

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Anytime. Let me know how it goes. You will have to give you phone to give permission to the software to install the software.

Also, For higher security, we recommend you create your account via the Bitmask application instead.

/u/KingBarthurOfXanalot · 1 votes · 2 weeks ago · Link

One should use Tor bridges instead of a VPN if the concern is hiding Tor traffic.

Also why do you not recommend visiting a clearnet URL from within Tor? "you will give yourself away and may encounter the malicious exit-guard?" You are only "giving yourself away" to the person looking at the httpd logs of the clearnet site, and visiting a clearnet URL doesn't expose you to malicious /exit nodes/ (not exit-guards) more than visiting any hidden service would.

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Short-reply: how does one know whom is the malicious exit node? My current readings were at 31% in a last publication from 2020.

/u/KingBarthurOfXanalot · 1 votes · 2 weeks ago · Link

In short we really have no way of identifying exit nodes controlled by nation states or actors with malicious intent (correlation attacks).

edit: not to say that it can't be done by those putting much time and effort into it (read: Tor developers, engineers), but as the end-user it is beyond the scope of our resources.

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

I have plenty of research on such. So much I don't have time to read the academic papers. The research is vast and deep. It's hitting modern-Internet publication and it isn't even academic. The tests they are doing these days, the scopes have widened and are all-encompassing.

Here's the first I found that looked merely decent and isn't even accredited.

https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df

/u/KingBarthurOfXanalot · 1 votes · 2 weeks ago · Link

As long as the Tor engineers and researchers are vigilant at identifying the malicious nodes and blacklisting them from the Tor directory then there is hope. For the end-user, when we are engaged in discussions meant to be kept private as long as we have PGP and other encryption to rely on, the worry should be minimal.

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

It's a few good souls versus nation-states, including our very own. We make the tools that infiltrate Onion Routing. It took ~20 years but it's just beginning. We're in a new era of crime and though the little guy buying his bag might not get hurt the system the deanonymizing of Tor hidden service gets closer and fingerprinting has reached close enough to what an engineer would deem as success. Grace is keeping this thing going.

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

I have obtained governmental papers in which they are implementing two new measures of printing. I'm nowhere done with those but Tor has what one would call 'blind luck'. THANK GOD.

/u/nuance · 1 votes · 2 weeks ago · Link

So a bridge does hide tor traffic from ISP? because that was my main concern and the reason I liked to use a VPN

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

No, a bridge doesn't 'necessarily' hide traffic from an ISP. Some do. Only some kinds of bridges. There are four kinds. The benefit of a bridge is that it mixes you in a vast crowd, making you much more difficult to web-fingerprint. The more you look like everyone else the safer you are; the more you stick out the easier it is to spot you.

/u/BitSnake · 1 votes · 2 weeks ago · Link

Very helpful guide to beginners and new people , thanks

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Thank YOU very much. Without you these things don't come about.

/u/fapinator · 1 votes · 2 weeks ago · Link

So, silly question of the day... Where is this "about config" thing, or do I already have that covered by setting slider to safest?

Who is Entry Guard and is bad that they will stay with me for 2-3 months?

Im assuming osf4 bridges is the thing that Tor is offering to me when Tails first opens, either browse normally or browse using bridges(to hide from ISP the use of Tor)? If so, noted.

Having dread open the same time your on a market is not recommended?

How long can one hang out on dread? A market? Should we be keeping up time to a minimum, because theres alot to learn and I do not learn super fast.

In closing, how much danger would one be in if they had, say, fucked up on a couple of these topics a few times?

You said ask questions and im chalk full of em

-Fap

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

/u/fapinator today we learned PGP. Stick around. Remain teachable. It'll all come slowly. Dig deep in this sub-forum. Good stuff is to come. We'll get to it all, piece by piece.

/u/fapinator · 1 votes · 2 weeks ago · Link

Sorry if I am spewing. Its all a little daunting but very exciting. Window shopping around isn't helping me I dont think haha. I'll be here, thank you.

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Type

about:config

accept

type 'Java'

TOGGLE JAVASCRIPT.ENABLED to FALSE!

/u/fapinator · 1 votes · 1 week ago · Link

where do i type about config though, thats the part i dont get

/u/HeadJanitor Moderator OP · 1 votes · 1 week ago · Link

In the URL address bar.

about:config

It currently states the website you are on.

/u/fapinator · 1 votes · 1 week ago · Link

Dude thats awesome thank you! Im assuming I need to do that everytime I start Tor? It doesnt seem like I can save settings/preferences on tor, as I tried to use your tip about the homepage, changing it to blank page. Browser always starts with tails homepage....

/u/HeadJanitor Moderator OP · 1 votes · 1 week ago · Link

If you are using Tails, you can leave the homepage as it is. It's the annoyance of having to constantly disable JavaScript but it is that serious and more.. I'll show you wants to set it permanently.

/u/fapinator · 1 votes · 6 days ago · Link

For now it will be the first thing I do after bridge connection. To be clear I have been setting slider to safest as well as doing the About:config bit...

/u/HeadJanitor Moderator OP · 1 votes · 6 days ago · Link

If someone were to ask you "what's the safest way to explore the Dark Web?" Your answer should be: disable JavaScript first and then proceed.

You got it.

/u/fapinator · 1 votes · 5 days ago · Link

Very well then.

/u/HeadJanitor Moderator OP · 1 votes · 5 days ago · Link

"␣"

/u/BigBrainTime · 1 votes · 2 weeks ago · Link

Why not use OBSF4 bridges instead of a VPN while on tails, which i think should be mentioned such as tails and whonix OS for darknet useage, as new people may just use windows

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

On Tails, by default, you are assigned two (2) obsf4 bridges, anew each time.

/u/BigBrainTime · 1 votes · 2 weeks ago · Link

Is ther a link to this?, i have had to go collect OBSF4 bridges from the tor website every couple weeks to input into my bridge settings, i know i can save when i put one in but ive never automatically been given one, unless tails detects it needs to, but id rather always use one

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

You want to get to this page (https://blog.torproject.org/new-release-tails-420/) and then select bridges.

/u/babohead · 1 votes · 2 weeks ago · Link

Don't tell me what to do!

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

Let this be my last warning, sir. That's all I ask.

/u/babohead · 1 votes · 2 weeks ago · Link

Just messin with a brosef!

/u/HeadJanitor Moderator OP · 2 votes · 2 weeks ago · Link

I know, brother.

/u/yuka_za · 1 votes · 2 weeks ago · Link

Such a good post thanks for summarize all of this

/u/HeadJanitor Moderator OP · 2 votes · 2 weeks ago · Link

/u/yuka_za, I thank you kindly. It gives me the encouragement to go further.

/u/Ikkaku333 · 1 votes · 2 weeks ago · Link

How where do I start learning GPG for messages? Ty in advance

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

What is your Operating System?

/u/MaNiToBa · 1 votes · 2 weeks ago · Link

About learning, in this case, GPG/PGP/OpenPGP, KeepPassXC, etc., am wondering which is the best way. Personally I love learning, I do everyday, but my preferred way to do so is YouTube. Now, knowing all about javascript, google and youtube information gathering routines, am skeptical of going to youtube and start viewing videos about all this topics, because it will be there, in that fuc***ing history, so, is there a safe way to watch videos, in sites like invidious, or do you have a suggestion of a better way to watch youtube videos "safely"? Again, Thanks a lot!

/u/HeadJanitor Moderator OP · 2 votes · 2 weeks ago · Link

Practice with this until you can import/export/sign/verify.

https://www.gpg4usb.org/

/u/MunMunMun OPSEC Munderator · 1 votes · 2 days ago · Link

If you want to go straight to the CLI, there is a guide in the wiki.

/u/nomad-traveller · 1 votes · 2 weeks ago · Link

Doesn't the exit node resolve your DNS? You make it sound as visiting a clearnet domain over TOR leaks your IP, which I don't think is the case.

/u/HeadJanitor Moderator OP · 1 votes · 2 weeks ago · Link

The exit node is a gateway computer whose main job is to decrypt you and prepare you for the clearnet. The clearnet sees and often complains that you just exited a Tor Exit node. The Tor Exit node sees your final departure from the Tor network.

/u/[deleted] · 1 votes · 1 week ago · Link

[removed]

/u/Viidakko_rummuttaja · 1 votes · 1 week ago · Link

"Never log into two or more sessions at once."

does this mean only 1-tab opened at any time? Or care to elaborate on this one... Like even the Formatting options button opens a new tab. Sry I'm a newb here.

/u/HeadJanitor Moderator OP · 1 votes · 1 week ago · Link

Don't log into Dread and use that same session (time period) to log into a market. Log out. Get a new Identity then log into the market (so the same session isn't at two places).

/u/Viidakko_rummuttaja · 1 votes · 1 week ago · Link

Ah i see, thank you. How was your day been?

/u/HeadJanitor Moderator OP · 1 votes · 1 week ago · Link

Thank you! Happy Thanksgiving to you from America. It's been an unusually great day and may it be for you as well.

/u/Viidakko_rummuttaja · 1 votes · 1 week ago · Link

Well, thank you. School stuff and video games. Can advocate life is bearable-ish, ok-ish.

/u/newbieforever2018 "You've got ★bail★" · 1 votes · 4 days ago · Link

Finally found this. Wow, very impressive. You should ask for a raise.

/u/HeadJanitor Moderator OP · 1 votes · 4 days ago · Link

Thank you, sir. Just glad that's there so I can have a point of reference for people. Wish the layout had adaptability so we could have a drop-down menu for guides as everything otherwise gets buried.

/u/newbieforever2018 "You've got ★bail★" · 1 votes · 4 days ago · Link

You could change the subread banner link "Tor browser security guide" to just "Guides" and then have this topic as one of the guides linked to.

/u/HeadJanitor Moderator OP · 1 votes · 3 days ago · Link

That's a damn brilliant idea. Wish I could "draft" a post. And then set them live at once. Will be considering this says the man with little time.

/u/newbieforever2018 "You've got ★bail★" · 1 votes · 3 days ago · Link

Thanks man but this doesn't have to be time consuming. Guides could just be numbered so number one would be a link to

"For the Newcomer & those Who Need to Remember"

this topic.

Number two would be a link to another topic such as "Tor browser security" etc.

/u/HeadJanitor Moderator OP · 1 votes · 3 days ago · Link

Architectural plans in the work! Great inspiration from you. That's a great idea. I tried something like that but it said, son, 5 is the limit. We'll raise the roof.

/u/newbieforever2018 "You've got ★bail★" · 1 votes · 3 days ago · Link

5 is the limit of banner sub links but if you change the name of TorBrowser and Security Guide to "Guides" and then make the Tor Guide a subtopic of the Guides category it would work.

/u/HeadJanitor Moderator OP · 1 votes · 3 days ago · Link

BOOM!!!

/u/newbieforever2018 "You've got ★bail★" · 1 votes · 2 days ago · Link

Gotta improvise!

/u/HeadJanitor Moderator OP · 1 votes · 2 days ago · Link

I'll have Time -- someday, some sweet day, and I'll put a bunch of guides together and make it easy, all to make it easier and more consolidated.

/u/newbieforever2018 "You've got ★bail★" · 1 votes · 2 days ago · Link

You work hard irl. This subdread was not created yesterday. It doesn't need to be rebuilt in a day.

/u/HeadJanitor Moderator OP · 1 votes · 2 days ago · Link

Well, it ain't happening tomorrow but it will happen for sure. I'd like to see it done on my watch.

/u/newbieforever2018 "You've got ★bail★" · 1 votes · 2 days ago · Link

I don't see your expiration date coming any time soon.

/u/great_turnip · 1 votes · 51 minutes ago · Link

If I want to see a clearnet website that mentions drugs or the Tor network or something similar that would be really suspicious to view on clearnet browser. Those browsers can track me or someone else can find my activity more easily. However, the post also says its also dangerous to view clearnet websites on Tor? Is there any safe way of viewing suspicious clearnet website safely?

/u/HeadJanitor Moderator OP · 1 votes · 45 minutes ago · Link

One example would be, this is where a VPN comes in handy in hiding your ISP.

/u/great_turnip · 1 votes · 14 minutes ago · Link

As in, VPN with a clearnet browser?

Some also say you can see clearnet sites on Tor if you close things out and get a new identity beforehand. Is that safe?

My apologies for the noob questions. I appreciate your help.