blog-contributions/opsec/torbrowsing/index.html

256 lines
13 KiB
HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Tor Browsing Setup</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-01-31</ba></p>
<h1>Tor Browsing Setup </h1>
<img src="0.jpeg" style="width:250px">
<p>In this tutorial we're going to cover how to browse the web anonymously, and some simple rules to follow to protect your anonymity. </p>
<p><h2><u>OPSEC Recommendations:</u></h2></p>
<ol>
<li><p>Hardware : (Personal Computer / Laptop)</p></li>
<li><p>Host OS: <a href="../linux/index.html">Linux</a></p></li>
<li><p>Hypervisor: <a href="../hypervisorsetup/index.html">libvirtd QEMU/KVM</a></p></li>
<li><p>Virtual Machine: <a href="../hypervisorsetup/index.html">Linux</a> or <a href="../whonixqemuvms/index.html">Whonix</a> or <a href="../tailsqemuvm/index.html">Tails</a> </p></li>
<li><p>Application: <a href="../vpn/index.html">VPN</a> (if your ISP doesn't allow Tor traffic) </p></li>
</ol>
<p>I recommend using this setup into one of the above mentionned VMs, for <a href="../anonymityexplained/index.html">Anonymous use</a>, as per the <a href="../opsec4levels/index.html">4 basic OPSEC levels</a>.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2>
<p>If you have a regular debian distribution, do as follows to install the tor browser:</p>
<pre><code class="nim">
[ mainpc ] [ /dev/pts/5 ] [~]
→ sudo apt install tor torsocks curl apt-transport-tor gnupg2 -y
[ mainpc ] [ /dev/pts/1 ] [~]
→ sudo torsocks curl --output /usr/share/keyrings/derivative.asc --url http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/keys/derivative.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 77312 100 77312 0 0 7106 0 0:00:10 0:00:10 --:--:-- 23126
[ mainpc ] [ /dev/pts/1 ] [~]
→ echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main contrib non-free
[ mainpc ] [ /dev/pts/1 ] [~]
→ sudo apt update -y
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://security.debian.org/debian-security bookworm-security InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Hit:4 https://packages.element.io/debian default InRelease
Get:5 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm InRelease [39.6 kB]
Get:6 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/main amd64 Packages [34.3 kB]
Get:7 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/contrib amd64 Packages [506 B]
Get:8 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/non-free amd64 Packages [896 B]
Fetched 75.3 kB in 12s (6,284 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
16 packages can be upgraded. Run 'apt list --upgradable' to see them.
[ mainpc ] [ /dev/pts/1 ] [~]
→ sudo apt install tb-starter tb-updater -y
[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
→ systemctl enable --now tb-updater-first-boot.service (3)
Created symlink /etc/systemd/system/multi-user.target.wants/tb-updater-first-boot.service → /lib/systemd/system/tb-updater-first-boot.service.
[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
→ systemctl --no-pager --no-block status tb-updater-first-boot.service
● tb-updater-first-boot.service - Helper Service for /usr/bin/torbrowser to determine when it is save to Copy Tor Browser from /var/cache/tb-binary to user home by Whonix developers
Loaded: loaded (/lib/systemd/system/tb-updater-first-boot.service; enabled; preset: enabled)
Active: active (exited) since Wed 2024-01-31 08:59:34 CET; 2s ago
Docs: https://github.com/Whonix/tb-updater
Process: 140334 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 140334 (code=exited, status=0/SUCCESS)
CPU: 690us
[ mainpc ] [ /dev/pts/1 ] [~]
→ torbrowser
INFO: ARCH 'x86_64' detected.
INFO: ARCH_DOWNLOAD 'linux-x86_64' detected.
INFO: CURL_PROXY:
INFO: Not running inside Qubes Disposable Template, ok.
INFO: Using stable version. For alpha version, see: https://www.whonix.org/wiki/Tor_Browser#Alpha
INFO: Running connectivity check... Downloading...: https://www.torproject.org
INFO: CURL_OUT_FILE: /home/nihilist/.cache/tb/temp/tbb_remote_folder
INFO: Connectivity check succeeded.
INFO: Find out latest version... Downloading...: https://aus1.torproject.org/torbrowser/update_3/release/downloads.json
INFO: CURL_OUT_FILE: /home/nihilist/.cache/tb/RecommendedTBBVersions
INFO: Learn more about this Download Confirmation Notification.
https://www.whonix.org/wiki/Tor_Browser#Download_Confirmation_Notification
INFO: Previously downloaded version: none
INFO: Currently installed version: None installed. (Folder /home/nihilist/.tb/tor-browser does not exist.)
INFO: Online detected version: 13.0.9
QUESTION: Download now?
y/n?
y
INFO: Because you are not using --nokilltb, now killing potentially still running instances of Tor Browser...
firefox.real: no process found
INFO: Digital signature (GPG) download... Will take a moment...
INFO: Downloading...: https://www.torproject.org/dist/torbrowser/13.0.9/tor-browser-linux-x86_64-13.0.9.tar.xz.asc
INFO: CURL_OUT_FILE: /home/nihilist/.cache/tb/files/tor-browser-linux-x86_64-13.0.9.tar.xz.asc
INFO: Downloading Tor Browser...
INFO: Downloading...: https://www.torproject.org/dist/torbrowser/13.0.9/tor-browser-linux-x86_64-13.0.9.tar.xz
INFO: CURL_OUT_FILE: /home/nihilist/.cache/tb/files/tor-browser-linux-x86_64-13.0.9.tar.xz
INFO: Digital signature (GPG) verification... This will take a moment...
INFO: Using digital signature signing key by The Tor Project.
INFO: Digital signature (GPG) verification ok.
INFO: Installation confirmation
Currently installed version: None installed. (Folder /home/nihilist/.tb/tor-browser does not exist.)
Downloaded version : 13.0.9
We have not previously accepted a signature yet. Therefore assisted check for downgrade or indefinite freeze attacks skipped. Please check the Current Signature Creation Date looks sane.
Previous Signature Creation Date: Unknown. Probably never downloaded a signature before.
Last Signature Creation Date : January 23 13:14:38 UTC 2024
According to your system clock, the signature was created 8 days 3 hours 25 minutes 2 seconds ago.
gpg reports:
gpg: Signature made Tue 23 Jan 2024 02:14:38 PM CET
gpg: using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) " [ultimate]
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 6131 88FC 5BE2 176E 3ED5 4901 E53D 989A 9E2D 47BF
Learn more about this Installation Confirmation Notification.
https://www.whonix.org/wiki/Tor_Browser#Installation_Confirmation_Notification
QUESTION: Install now?
y/n?
y
INFO: Extracting /home/nihilist/.cache/tb/files/tor-browser-linux-x86_64-13.0.9.tar.xz ...
extraction percent done: 19 / 100
extraction percent done: 44 / 100
extraction percent done: 63 / 100
extraction percent done: 82 / 100
extraction percent done: 100 / 100
</code></pre>
<p>Next, we'll do some slight configuration changes, starting with the automatic connection:</p>
<img src="1.png" class="imgRz">
<p>Then we make sure that all javascript is disabled, using the shield option on the top right corner, make sure it's set to the "Safest" setting:</p>
<img src="2.png" class="imgRz">
<p>Then a personal preference, let's switch on the dark theme:</p>
<img src="3.png" class="imgRz">
<img src="4.png" class="imgRz">
<p>And from there you can start browsing. You can browse the clearnet first to see how the tor connection works:</p>
<img src="5.png" class="imgRz">
<p>As you can see here, when browsing to the clearnet, your traffic is being encapsulated threefold, meaning that you are entrusting your connection to 3 tor node owners around the globe. And on top of that, they are in 3 different countries.</p>
<img src="6.png" class="imgRz">
<p>Next, when you browse to a website that can be accessed via a .onion link, you might get the above message that shows up. I prefer to not prioritize onions to avoid unecessary page refreshes. Instead i click on the .onion available button if it appears.</p>
<img src="7.png" class="imgRz">
<p>Now when you're connected to the .onion hidden service, you can see that your connection goes through more tor nodes, this is the best way to access websites online, you're not leaking any info they don't need to know that way. Plus, since we are on the "safest" setting, we are not loading any javascript that may be used to fingerprint our activity online. </p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nowheremoe:nowhere.moe">Matrix Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>