I think it's pretty balanced. Tor is one of the best privacy tools, no doubt, but we also should be on guard and consider alternative projects like I2P, Lokinet, etc.

NO!!! Tor browser dangerous to trust!

OVER three times Tor browser caught leaking hundreds of thousands of peoples IP addresses to FEDS, though the https traffic contents secure up to the endpoint.

TOR BROWSER in TAILS routinely has code inserted to subvert it, or borrows javascript code that has exploits in it known to FBI and NSA as proven in many federal court prosecution transcripts.

TOR BROWSER INSECURE FROM HOME, even if all javascript disabled (proven below)

HTTPS is secure, but sadly, once connected to https://ramble.pw or any https site, backdoor exploits added to tor browser , by NSA/CIA, in the form of "ACCIDENTAL CODE SUBMISSIONS" to tor browser used in TAILS, leaks your IP to the target. This means...

... that using one or even a chain of VPNS can have the ENDPOINT (https://ramble.pw or ISP of https://ramble.pw) exploit your TAILS tor browser via javascript (typically), or WebRTC (in the past) to LEARN YOUR ACTUAL TRUE IP ADDRESS!!!

This means that the HTTPS encrpyted traffic is still secure, end to end, but your IP address can still be logged using VPNS, by the endpoint.

Thse ways and means show up in federal court cases when FBI is forced to reveal tactics under a Judges order in court trials.

They for years tor browser in TAILS had hidden backdoors proven if you read the release notes of TAILS TAILS too? Yup, Even the famous https://tails.boum.org/

...had WebRTC enabled by accident (or by mossad on purpose) in past versions of TAILS, and if you read ALL THE CHANGE NOTES OF ALL VERSIONS you will learn I am telling the truth on the one little note they fessed up.

https://medium.com/@blackVPN/critical-windows-exploit-webrtc-can-expose-your-real-location-ip-address-even-when-using-a-vpn-4555d2fd280d

https://www.exploit-db.com/exploits/44403/

https://blog.ipvanish.com/webrtc-security-hole-leaks-real-ip-addresses/

https://thehackernews.com/2015/02/webrtc-leaks-vpn-ip-address.html

https://www.reddit.com/r/VPN/comments/2tva1o/websites_can_now_use_webrtc_to_determine_your/

That is NOT the only weakness in Tor browser, there were other non-WebRTC leaks!!!! Javascript (required for every free speech social site) and (required for Cloudflare) had exploits in summer 2019 that leaked endpoint IP addresses, and even allowed kernel level OS alteration on Mac OS using TAILS!!!!!! Many years of tails exploits prior too.

NO large web browser should EVER be trusted not to divulge IP addresses over VPN

Anyone trusting using TAILS along with its graphical browser, is a patsy. The rest are in prison already if they were criminals.

Only use text messaging , not a graphical web browser, when using TAILS, or tor services and VPNs! No fancy web browsers!

Even better, use a "one time visit" concealing gait and face, to a coffee shop.

Remember TOR/TAILS often runs unstoppable javascript using exploits by FBI, such as the infamous recent noscript vulnerability!...

https://www.netsparker.com/blog/web-security/noscript-vulnerability-tor-browser/

javascript code can cause lots of problems for your anonymity, and even root your machine , as in summer of 2019.

HTML5 fingerprints and indestructible cookies also thwart SOME VPN users too :

https://33bits.wordpress.com/2010/02/18/cookies-supercookies-and-ubercookies-stealing-the-identity-of-web-visitors/

25% of sites fingerprint you using javascript (CloudFlare and others, require javascript to connect)

2020.08 : A quarter of the Alexa Top 10K websites are using browser fingerprinting scripts! https://www.zdnet.com/article/a-quarter-of-the-alexa-top-10k-websites-are-using-browser-fingerprinting-scripts/

In 2021, hundreds of research papers on novel fingerprinting techniques of browsers exist, and even I designed some using html5 graphics, not yet widely known by other researchers and not yet stopped in Google Chrome.

TAILS? use HiddenVM too

If you must try t connect to a https web site anonymously, use a hidden privacy VM OS and a set of privacy tools, at a public wifi :

https://github.com/aforensics/HiddenVM

https://news.ycombinator.com/item?id=22492343

There are many reasons why you may want to use HiddenVM.

whonix OS! inside HiddenVM, for TAILS on a USB, for coffeeshops or libraries: ...

I SUGGEST if you do not need OSX or Windows, to install Whonix secure Tor anonymization and TAILS inside your HiddenVM !!!
https://www.whonix.org/

TL/DR : Tor browser is not safe from home. NO CONNECTIONS MADE FROM YOUR HOME ARE SAFE FROM FBI/NSA if using a BROWSER, vs text chat. Hopping does nothing to protect HTTPS more than it already provides

This article is full of FUD. (e.g. whaaa Tor gets funds from DARPA! US gov is behind Tor!)

Does the port-forward affect layered encryption?

hopping adds no real benefit, other than perhaps protecting you from COMPROMISED machines logging raw connections along the way. most VPN companies, excluding ExpressVPN, have been in the news as compromised by nation states, even NORD VPN last year.

HTTPS protocol, by design , prevents man in the middle, and not even VPNS or ISPs know anything about your URL you are using, not even the domain name, just the IP address and the fact that you are requesting a port 443 HTTPS connection.

DNS traffic deduces domain name target, but IP already zeros in target unless using VPNs.

HTTPS is secure, but sadly, once connected to https://ramble.pw or any https site, backdoor exploits added to tor browser , by NSA/CIA, in the form of "ACCIDENTAL CODE SUBMISSIONS" to tor browser used in TAILS, leaks your IP to the target. This means...

... that using one or even a chain of VPNS can have the ENDPOINT (https://ramble.pw or ISP of https://ramble.pw) exploit your TAILS tor browser via javascript (typically), or WebRTC (in the past) to LEARN YOUR ACTUAL TRUE IP ADDRESS!!!

This means that the HTTPS encrpyted traffic is still secure, end to end, but your IP address can still be logged using VPNS, by the endpoint.

Thse ways and means show up in federal court cases when FBI is forced to reveal tactics under a Judges order in court trials.

They for years tor browser in TAILS had hidden backdoors proven if you read the release notes of TAILS TAILS too? Yup, Even the famous https://tails.boum.org/

...had WebRTC enabled by accident (or by mossad on purpose) in past versions of TAILS, and if you read ALL THE CHANGE NOTES OF ALL VERSIONS you will learn I am telling the truth on the one little note they fessed up.

https://medium.com/@blackVPN/critical-windows-exploit-webrtc-can-expose-your-real-location-ip-address-even-when-using-a-vpn-4555d2fd280d

https://www.exploit-db.com/exploits/44403/

https://blog.ipvanish.com/webrtc-security-hole-leaks-real-ip-addresses/

https://thehackernews.com/2015/02/webrtc-leaks-vpn-ip-address.html

https://www.reddit.com/r/VPN/comments/2tva1o/websites_can_now_use_webrtc_to_determine_your/

That is NOT the only weakness in Tor browser, there were other non-WebRTC leaks!!!! Javascript (required for every free speech social site) and (required for Cloudflare) had exploits in summer 2019 that leaked endpoint IP addresses, and even allowed kernel level OS alteration on Mac OS using TAILS!!!!!! Many years of tails exploits prior too.

NO large web browser should EVER be trusted not to divulge IP addresses over VPN

Anyone trusting using TAILS along with its graphical browser, is a patsy. The rest are in prison already if they were criminals.

Only use text messaging , not a graphical web browser, when using TAILS, or tor services and VPNs! No fancy web browsers!

Even better, use a "one time visit" concealing gait and face, to a coffee shop.

Remember TOR/TAILS often runs unstoppable javascript using exploits by FBI, such as the infamous recent noscript vulnerability!...

https://www.netsparker.com/blog/web-security/noscript-vulnerability-tor-browser/

javascript code can cause lots of problems for your anonymity, and even root your machine , as in summer of 2019.

HTML5 fingerprints and indestructible cookies also thwart SOME VPN users too :

https://33bits.wordpress.com/2010/02/18/cookies-supercookies-and-ubercookies-stealing-the-identity-of-web-visitors/

25% of sites fingerprint you using javascript (CloudFlare and others, require javascript to connect)

2020.08 : A quarter of the Alexa Top 10K websites are using browser fingerprinting scripts! https://www.zdnet.com/article/a-quarter-of-the-alexa-top-10k-websites-are-using-browser-fingerprinting-scripts/

In 2021, hundreds of research papers on novel fingerprinting techniques of browsers exist, and even I designed some using html5 graphics, not yet widely known by other researchers and not yet stopped in Google Chrome.

TAILS? use HiddenVM too

If you must try t connect to a https web site anonymously, use a hidden privacy VM OS and a set of privacy tools, at a public wifi :

https://github.com/aforensics/HiddenVM

https://news.ycombinator.com/item?id=22492343

There are many reasons why you may want to use HiddenVM.

whonix OS! inside HiddenVM, for TAILS on a USB, for coffeeshops or libraries: ...

I SUGGEST if you do not need OSX or Windows, to install Whonix secure Tor anonymization and TAILS inside your HiddenVM !!!
https://www.whonix.org/

TL/DR : NO CONNECTIONS MADE FROM YOUR HOME ARE SAFE FROM FBI/NSA if using a BROWSER, vs text chat. Hopping does nothing to protect HTTPS more than it already provides

One of the reasons I like this list is that it contains things I've never heard of, including new search engines.

Bruce Schneier is/was a NSA plant in 1993, proven by ME!

I EXPOSED HIM IN 1993 with actual proof on cyberpunks hangouts, such as usenet

Main proof, was his deliberate subverting of his Blowfish algorithm , that infected over 43 crypto library products!

https://en.wikipedia.org/wiki/Blowfish_(cipher)

His Blowfish source code was deliberately subverted in a clever way by him to collapse a crypto key of 256 bits to merely 32 bits if it was derived from user entered text passphrase and the letters typed by user had the high bit set (in ANSI, the high bit is UNDEFINED, not zero, but additionally, mac and pc users can trivially type countless symbols on keyboards that have the highest bit set.

That wiki page, and most people who are not crypto experts in the early 1990s, do NOT KNOW OF NSA connection to Bruce Schneier to spread backdoors in crypto libraries!!!!

wayback machines for usenet used to exist, and could have shown a direct URL to my research proving Bruce Schneier to be under NSA control. NSA uses cash to subvert crypto libraries. Large cash payments are how NSA got engineers at apple to subvert Apples own source code "accidental changes" to SSL code in iOS.

Bruce Schneier is a FUCKING SHILL for NSA!

Remember, Bruce Schneier ALGORITHM for Blowfish was OK, it was his backdoor exploit in the free source code that he widely distributed that has the exploit to collapse and nullify all keyspace.

The high bit got erroneously smeared to all lower bits in each byte of the passphrase. This fact and exploit is still unknown out side of my typing here to you now, and the very rarely archived usenet group I posted too in 1993, 1994. I generally never publish my countless exploits I discover in hardware or software, but I am not wrong and anyone with a copy of Bruce Schneiers widely used blowfish source code promoted in 1994 can trivially verify all I wrote using a ANSI C conformant compiler.

BEWARE Bruce Schneier!

His backdoors in source code , PROVEN, may have toppled governments, promoted fraud, got political dissidents executed, and more.

TL;DR: DDG is fine for regular usage, some of its issues can be solved by using uBlock Origin.

---

Sure, DuckDuckGo is suspicious, but it's also a search engine that has somewhat decent results, unlike Mojeek and Wiby.me, and that's sad.

About those two issues above, tracking could be disabled if you have uBlock Origin (which you should), and ads can be disabled in settings (or with uBlock Origin, again).

And about those three other issues, well, it does suck that Gabriel Weinberg ran Names Database, and it does suck that DuckDuckGo had a tracking cookie, which I'm not sure if uBlock Origin blocked. However, I don't think it matters that DDG is in USA. I mean, just read this: https://digdeeper.neocities.org/ghost/email.html#laws

Not sure whether I can trust that list, considering it features DuckDuckGo.

1. DuckDuckGo has a tracker on the home page.
2. DuckDuckGo tracks the ads you click on before redirecting you. You can see this in the screenshot below.

https://www.stoutner.com/new-default-homepage-and-search-engine/

Gabriel Weinberg, the founder of DuckDuckGo, used to run the Names Database.[1] This was a website that aimed to connect people who had lost contact by gathering lots and lots of e-mail addresses. Getting access could be done by either paying money, or submitting lots of e-mail addresses of other people. Since the service revolved around gathering personal information, it is very suspicious for Gabriel Weinberg to start a business that is privacy-oriented. [2]

DuckDuckGo used to set a tracking cookie, even though they claimed they didn't. This was done by a third party they cooperate with, which means that it wasn't necessarily intentional, but if it's unintentional, it shows a worrying lack of care.[3]

DuckDuckGo is based in the US. This makes it really easy for the NSA to compromise it. If it were based in the EU, for example, the NSA wouldn't have the legal power to force them to log everything without telling anyone. This wouldn't guarantee privacy, but it would make it a lot more plausible. Instead, they're based in the US, which means that the NSA can do whatever they want with them. There are secure search engines that are not based in the US.[3]

https://archive.is/9wR4O

https://archive.is/N2qe8

https://archive.is/qntuk

it's = it is. its = possessive. That's what you want to use.

Your articles are high-quality ones. Don't degrade them by following the example of millions of people on the internet who use them wrong, or even interchangeably.

apple is far worse than google and facebook when it comes to maligning tools that actively enable privacy. this is just their way of signaling virtue.

https://ramble.pw/ (not famous yet)

This is my favorite.

The only problem with Chromium is the lack of fingerprinting defenses. Brave is working on it.

https://brave.com/privacy-updates-4/

Although Tor Browser is more mature and reliable at this point.

Brave is developing fingerprinting defenses too.

https://brave.com/privacy-updates-4/

Of course, Tor Browser is a mature project and more reliable at this point. Let's hope Brave continues to strengthen its privacy and reliability.

Just tried it with a new profile. It leaks the word and opens a search page. I'm not sure why it opens test.com automatically for you.

It's ESR 78.

Yep, it does this. I just tested and confirmed.

07:07:21: query[A] test from 209.xx.xx.xx
07:07:21: config test is NODATA-IPv4
07:07:21: query[AAAA] test from 209.xx.xx.xx
07:07:21: config test is NODATA-IPv6

Then it went to "test.com" automatically.

Following the discussion on /r/netsec, Bruce Schneier is also a director of the Tor Project ;)

As far as I know nothing, since these are not enforceable.

Also , be sure to add "on my OS, on my machine, conditionals as well" to not trigger people demanding you try it on 3 ISPS on 3 machines. Ask for confirmation at top and bottom of your post to not trigger the Brave fanboy nazis thinking you are a enemy shill.

Yeah, good idea.

.onion is a special tld that should never be sent to a DNS server to be resolved. Ever.

Thanks for your research, keep posting to all the 29 or so free speech sites... too bad Poal shadowbans, censors , deletes, and is a god damned dumpster fire.

I posted proof of two popular user upvoated topics totally censored by Poal admins this last week : https://ramble.pw/f/privacy/2387/-/comment/2901

LIST OF PLACES for you to consider posting your research and revelations!:

https://ramble.pw/f/privacy/2387/-/comment/2902

Save that list!

Also , be sure to add "on my OS, on my machine, conditionals as well" to not trigger people demanding you try it on 3 ISPS on 3 machines. Ask for confirmation at top and bottom of your post to not trigger the Brave fanboy nazis thinking you are a enemy shill.

Poal.co censors far far too much in Feb 2021 : two examples in my prior post.

but I agree that Rambler need to post this asking for confirmation on all the following sites , and even other less censoring subreddits on Reddit.

The top 29 known mostly Free Speech social sites, unranked :

https://boards.4chan.org/pol/
https://archive.4plebs.org/pol/ (legible nondeletable 4chan)
https://www.16chan.xyz/pol/
https://8kun.top (current 2020 8Chan, tor onion link : jthnx5wyvjvzsxtu.onion)
https://8kun.top/pnd/ (8Chan pol)
https://forum.searchvoat.co/viewforum.php?f=31 (never censors legal speech)
https://www.dailystormer.name (https://dailystormer.su/)
https://endchan.org
https://notabug.io/t/all
https://9chan.tw/bestpol/
https://phuks.co/ [server down Oct 2020, up again]
https://poal.co/ (censors speech often, proof https://files.catbox.moe/iuncm1.jpg)
https://ramble.pw/ (not famous yet)
https://wearethene.ws/ (2021 very active 8Chan Q stuff, more legible)
https://Greatawakening.win/ (Q related)
https://raddle.me/ (Raddle)
https://vnnforum.com/
https://patriots.win/ (claims to be free speech, CENSORS discussions of jews, guns, race IQ, etc)
https://ruqqus.com/+MAGA (2% of the old thedonald.win users went here, despite ruqqus censorship)
https://dstormer6em3i4km.onion.link/ [http://dstormer6em3i4km.onion/] (emergency tor onion for https://dailystormer.su/)
https://www.whitedate.net/whitedate-forums/
https://endchan.net/qanonresearch/
https://ruqqus.com/ (claims to be free speech, has leftists control a lot of it)
https://saidit.net/ (censors, but not as bad as reddit)
https://communities.win/ (censors, but not as bad as reddit)

link of that vpn ?

port-forward for p2p apps to connect. Does not affect encryption.

e.g. Safe browsing, Health Report, and Pocket.
Spyware Whatchdog says. Clearnet, Tor, I2P

I created a Ruqqus account and posted in +Privacy but it's not showing up so it's probably either because my account is new. I created a Poal account and posted it there and it appears to me. May not if I log out. Not sure.

Could be. But anything that is advertised to do with Tor shouldn't make any activity known outside of the Tor network itself.