Is Tor Browser Safe and Completely Anonymous to Use?smartypants wrote (edited )
NO!!! Tor browser dangerous to trust!
OVER three times Tor browser caught leaking hundreds of thousands of peoples IP addresses to FEDS, though the https traffic contents secure up to the endpoint.
TOR BROWSER in TAILS routinely has code inserted to subvert it, or borrows javascript code that has exploits in it known to FBI and NSA as proven in many federal court prosecution transcripts.
TOR BROWSER INSECURE FROM HOME, even if all javascript disabled (proven below)
HTTPS is secure, but sadly, once connected to https://ramble.pw or any https site, backdoor exploits added to tor browser , by NSA/CIA, in the form of "ACCIDENTAL CODE SUBMISSIONS" to tor browser used in TAILS, leaks your IP to the target. This means...
... that using one or even a chain of VPNS can have the ENDPOINT (https://ramble.pw or ISP of https://ramble.pw) exploit your TAILS tor browser via javascript (typically), or WebRTC (in the past) to LEARN YOUR ACTUAL TRUE IP ADDRESS!!!
This means that the HTTPS encrpyted traffic is still secure, end to end, but your IP address can still be logged using VPNS, by the endpoint.
Thse ways and means show up in federal court cases when FBI is forced to reveal tactics under a Judges order in court trials.
They for years tor browser in TAILS had hidden backdoors proven if you read the release notes of TAILS TAILS too? Yup, Even the famous https://tails.boum.org/
...had WebRTC enabled by accident (or by mossad on purpose) in past versions of TAILS, and if you read ALL THE CHANGE NOTES OF ALL VERSIONS you will learn I am telling the truth on the one little note they fessed up.
https://www.exploit-db.com/exploits/44403/
https://blog.ipvanish.com/webrtc-security-hole-leaks-real-ip-addresses/
https://thehackernews.com/2015/02/webrtc-leaks-vpn-ip-address.html
https://www.reddit.com/r/VPN/comments/2tva1o/websites_can_now_use_webrtc_to_determine_your/
That is NOT the only weakness in Tor browser, there were other non-WebRTC leaks!!!! Javascript (required for every free speech social site) and (required for Cloudflare) had exploits in summer 2019 that leaked endpoint IP addresses, and even allowed kernel level OS alteration on Mac OS using TAILS!!!!!! Many years of tails exploits prior too.
NO large web browser should EVER be trusted not to divulge IP addresses over VPN
Anyone trusting using TAILS along with its graphical browser, is a patsy. The rest are in prison already if they were criminals.
Only use text messaging , not a graphical web browser, when using TAILS, or tor services and VPNs! No fancy web browsers!
Even better, use a "one time visit" concealing gait and face, to a coffee shop.
Remember TOR/TAILS often runs unstoppable javascript using exploits by FBI, such as the infamous recent noscript vulnerability!...
https://www.netsparker.com/blog/web-security/noscript-vulnerability-tor-browser/
javascript code can cause lots of problems for your anonymity, and even root your machine , as in summer of 2019.
HTML5 fingerprints and indestructible cookies also thwart SOME VPN users too :
25% of sites fingerprint you using javascript (CloudFlare and others, require javascript to connect)
2020.08 : A quarter of the Alexa Top 10K websites are using browser fingerprinting scripts! https://www.zdnet.com/article/a-quarter-of-the-alexa-top-10k-websites-are-using-browser-fingerprinting-scripts/
In 2021, hundreds of research papers on novel fingerprinting techniques of browsers exist, and even I designed some using html5 graphics, not yet widely known by other researchers and not yet stopped in Google Chrome.
TAILS? use HiddenVM too
If you must try t connect to a https web site anonymously, use a hidden privacy VM OS and a set of privacy tools, at a public wifi :
https://github.com/aforensics/HiddenVM
https://news.ycombinator.com/item?id=22492343
There are many reasons why you may want to use HiddenVM.
whonix OS! inside HiddenVM, for TAILS on a USB, for coffeeshops or libraries: ...
I SUGGEST if you do not need OSX or Windows, to install Whonix secure Tor anonymization and TAILS inside your HiddenVM !!!
https://www.whonix.org/
TL/DR : Tor browser is not safe from home. NO CONNECTIONS MADE FROM YOUR HOME ARE SAFE FROM FBI/NSA if using a BROWSER, vs text chat. Hopping does nothing to protect HTTPS more than it already provides
Viewing a single comment thread. View all comments