Privacy Checking

Check that you’re currently displaying a Tor IP address and that all scripts are disabled. If they’re not then this is a privacy risk and you should continue to follow the advice below.

Whoer.net

For results under “Location” it should be giving the Tor servers hostname, ISP and not you’re own. Under “Your Anonymity” it should list have an ‘X’ against Tor meaning you are correctly using tor. Under the Browser results it should be listed like this.

  • Javascript – disabled
  • Flash – disabled
  • Java – disabled
  • ActiveX – disabled
  • WebRTC – disabled

Blocking Scripts Globally

When you first install Tor Browser bundle, make sure scripts via NoScript are not globally allowed. This is very dangerous to your privacy and should be turned OFF. you can right click the no script icon (S icon next to address bar) and select options, in general tab, uncheck the scripts globally allowed tab.

Slider Options

The new slider options should also be changed. Click on the Onion icon at the top of tor browser for the drop down menu, and click “Security settings” and on the slider it should be set to ‘high’ for security level (by default is set as low).

Note: Tails OS resets these slider options so make sure you have them set to ‘High’ whenever you access the Tor Browser.

Plugins

Addons/plugins should be blocked and/or not installed at all. NONE of the plugins not supported by the TorProject run the risk of bypassing the Tor Network and accessing the net directly, which runs the risk of leaking your real IP Address. It should be clear indication to anyone why this is an issue, but people sometime disregard the risks and lose a large part of their OpSec over mistakes like these.

Tails OS

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to: use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network; leaving no trace on the computer you are using unless you ask it explicitly; use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

Its an extra layer of protection that a lot of people trust and use. To learn more, please visit the various links below. They provide thorough, and detailed documentation on the usage and installation of the Tails OS.

  • Official Site: https://tails.boum.org/
  • DNM Buyer Bible: https://www.reddit.com/r/DarkNetMarketsNoobs/wiki/bible/buyer/tails/
  • [b]DeepDotWeb:[b] https://www.deepdotweb.com/
  • Whonix
  • An alternative to Tails and also an open source project. Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.
  • To learn more about Whonix, the installation process and more detailed descriptions of what security layers the OS provides, please read on below using the following links.
  • [list]
  • Official Site: https://www.whonix.org
  • DNM Buyer Bible: https://www.reddit.com/r/DarkNetMarketsNoobs
  • /wiki/bible/buyer/whonix/

Shredding History / Footprints

This section only applies to users who use the Tor Browser while not using Tails OS or Whonix

The recommend tool for cleaning footprints, history, cache, etc. from your drive is using a program known as CCleaner. It is recommended to go to Options > Settings and then selecting Complex Overwrite (7 passes) and ‘secure file deletion’. Make sure all the boxes are ticked when Cleaning, including the Windows and Application tabs.

This is recommended normally before the connection to Tor and after you’ve left Tor, to wipe all cookies etc. Remember that though this may clear a good deal of the tracks left behind of your activity on your PC, no cleaning software can ever remove all traces all of the time.

Cookies – How The NSA is using them to track TOR users?

Let’s suppose that there is a famous online shopping website, owned or controlled by NSA. When a normal user will open that website from his own real IP address, the website creates a cookie on the user ‘ browser and stores real IP address and other personal information about the user. When the same user will again visit the same NSA owned website, enabling Tor this time on the same browser – website will read last stored cookies from browser, which includes the user’ real IP address and other personal Information. Further website just needs to maintain a database of Real IP addresses against the Tor Proxy enabled fake IP addresses to track anonymous users. More Popular the site is, More users can be tracked easily. Documents show that the NSA is using online advertisements i.e. Google Ads to make their tracking sites popular on the internet.

How you can avoid Cookie tracking?

One browser can’t read the cookies created by other browser (As far as we know at the moment but this may change in the future, or become public). So Don’t use Tor on the same browser, that you use for regular use with your real IP address. Only use the standard Tor Browser Bundle instead for Anonymous activities. You should always clear the cookies (with CCleaner or alike) after you’re done so any stored information, such as log on information – will not be stored on that computer. If you’re doing something very interesting, you should use Tor on a virtual machine with the live OS so that cookies and cache and other OS data are dumped when the machine is closed.

Closing

Hopefully you find this Tor Security Guide a helpful source of information on the various steps needed to maintain your security and privacy. Don’t take your freedom nor your livelihood for granted. You never know what could happen so never let the odds be stacked against you.