Still Under DDOS, but here is a status update anyway. The Tor network is breaking.
/d/OpSec icon

/d/OpSec

17,155 subscribers

Anonymous Planet Onion

Discussion of OpSec, Threat Models, Protection, Assessment & Countermeasures.

Vendors: /d/vendor_handbook.

While the focus of this community's OpSec discussions may center around Dark Net (DN) activity, all members of this sub are encouraged to think about, discuss, and share ideas relating to OpSec.

I am using TOR without anyone VPN, should I get one?

by /u/NewBornBaby-69 · 1 votes · 2 months ago

Like, I am not buying stuff or getting involved in any illegal purchases. I am just surfing the dark web for fun and to learn and get in hand experience. Should I consider buying one or TOR is more than enough?

Comments (13)
/u/a5tr4ng3r · 1 votes · 2 months ago · Link

some say yes, some say no. If you don't use a VPN your ISP can see youre using the tor network from my understanding.

/u/NewBornBaby-69 OP · 1 votes · 2 months ago · Link

I am not doing any illegal activities yet as I am not capable enough and still in learning phase

/u/SmokeAllDay · 1 votes · 2 months ago · Link

Not all VPNs are equal and its pretty difficult for you to verify the claims those VPN providers make, like no logging etc...

But in the event a site is compromised and Tor fails for whatever reason, having another layer(although certainly will give you up if asked) cant hurt.

Having 3-4 VPNs with good privacy in rotation cant do damage IMO.

Although I have mixed feelings about VPN, its kinda suspicious how aggressive marketing they do, but thats another topic.

/u/NewBornBaby-69 OP · 1 votes · 2 months ago · Link

tbh its difficult for me to afford VPN subscription now, I am accessing this on my mobile data (which is much cheaper than Broadband, in my country). I am not involved in any illegal trade, so I should (i hope) be fine, right?

/u/SmokeAllDay · 1 votes · 2 months ago · Link

I dont wish to attest that you will be fine, because it all depends on what you do that will attract attention to you.

There are various ways to get vpn without paying.

It does help if your mobile data is not connected to your name, although geo-location might be a issue, but its better than your real IP with your name getting leaked for whatever reason.

You are basically creating hurdles for them to catch you, as LE will always go after low hanging fruit first, unless you are a special target.

/u/NewBornBaby-69 OP · 1 votes · 2 months ago · Link

How can I get a free VPN?

I think you are right about creating hurdles for me in future, Silk Road Founder Ross Ulbricht was (partially) arrested because he used his real email address one time on an online forum.

/u/GOUPIL · 1 votes · 2 months ago · Link

i am sure for your purposes, you don't need a VPN!

/u/corqo · 1 votes · 2 months ago · Link

If you are just browsing the deepweb and not trying to access clearnet sites over an anonymized connection. I would recommend just using Tor only. You should always use Tor as your first hop onto the internet. If you need to hide from your ISP that you are using Tor, then you should opt for Tor obfs4 bridges. The only scenario where I find a VPN is useful is when I need to access clearnet from an anonymized connection. Which VPN's only provide privacy, they would only provide slight anonymity if the person running the VPN service would go to prison for you. Which most 10$ a month VPN fee's don't warrant that type of loyalty. Thus, if you are only accessing the darkweb, then just use Tor or Tor with obfs4 bridges. If you need to access clearnet sites anonymously and you don't want to deal with captchas and tor exit node blacklisting, then I would suggest VPN over Tor. (Tor -> VPN-> Clearnet). But you should do your own research to weigh the risks. For example, if you connect to a VPN over Tor, the tor circuit will not rotate and the VPN tunnel will use the same circuit the entire time which could potentially weaken your anonymity if the Tor circuit your VPN tunnel is using is compromised. I think the best middle ground that I have personally found is to have an os such as Qubes and having two separate Sys-Whonix net vms, one for my VPN tunnel to use, and one for deep web browsing. As it is bad practice to access onion sites over the same Tor identity that you access clearnet IP's over. Hence the reason for two different sys-whonix qubes.

/u/NewBornBaby-69 OP · 1 votes · 2 months ago · Link

As I am just starting to get in this, I only use TOR for deep & dark web, as its slow compared to normal browser where we connect directly to the server. I recently clicked on a onion link that directed me to a website that sold drugs and all and it was when I got serious about privacy. I am not into illegal things yet and probably not for a year or two. I would surely use TOR obfs4 bridges from now on for greater safety.

/u/corqo · 1 votes · 2 months ago · Link

One other suggestion. Be sure to disable javascript in Tor browser. The majority of previous deanonamization vulnerabilities affecting Tor browser in the past have required Javascript to be enabled to be effective.

Go to about:config in your Tor browser's URL bar and search for "javascript.enabled" and double click it to set it to false. Also change the tor security slider to safest.

Beyond that, some safety improvements that you can make is if you are just browsing the deepweb and you want a bit of a better setup. Look into Whonix. The whonix configuration has some additional protections that you don't have with the normal tor browser as mentioned on the whonix wiki. Also, make sure you keep your host OS up to date and clean of viruses because if your host device is infected, assume anyone who has access to your system is able to monitor what you are doing in tor browser. Low chance of this, but doesn't take alot of effort to follow best practices. lastly. make sure to keep Tor Browser up to date.

For someone with your situation. Where you are preparing for illicit stuff over the next year or two. I would suggest using tails with persistent storage. Make sure your persistent storage passphrase is sufficient in complexity. I would suggest looking into Diceware passwords and generating as 9 to 13 word diceware passphrase. And then once you are in tails with persistent storage configured, you will want to disable javascript in Tor browser, create a keepass database for maintaining bookmarks and creds. And make sure to not use any usernames or passwords that you previously used elsewhere as they can be linked to you just by using the same or similar password that you used on the clearnet.

/u/NewBornBaby-69 OP · 1 votes · 2 months ago · Link

I disabled Java Script before even making my first search on TOR. I have Tails OS installed on a USB stick when I want to venture and explore into the dark web more, I just boot it up on my Laptop. I am taking all the security precautions that I am aware of.

/u/corqo · 1 votes · 2 months ago · Link

Yeah, your setup sounds solid. Feel free to add me on XMPP + OMEMO if you have any questions. I've been around the scene for quite a while and would be okay answering some questions you might have in the future.

/u/IamLegion · 1 votes · 2 months ago · Link

dont use a vpn with tor