File: 1375578537565.jpg-(228 KB, 908x720, lol ron paul.jpg)

228 KB JPG

I've argued with so many people here who insisted Tor was safe. Can't wait to read the news about them getting their doors busted down at 6AM. The ultimate QED.

>>35753849 (OP)
I don't get what this javascript is trying to do.

It detects firefox then creates a hidden iframe and a cookie that has a date and an ID in it?

>>35753849 (OP)
Tor browser bundle comes with pre-installed and pre-activated noscript addon which disables javascript. Congrats on being a tard.

What type of asshole uses Tor with JavaScript enabled?

>>35753979
i think the idea is that they hope to be able to read the cookie later from other sites, which is pretty useless when you follow the torproject guidelines.
also, cookies are automatically deleted when you close a tab in the browser bundle as a default setting
nice b8 m8-

>>35754046
>durr why doesn't my facebook work
>youtube is broken, fix it tor!

Those kinds of people.

>>35753979
The iFrame presumably contains some unknown browser exploit that relies on the cookie.

>>35754035
Tor Browser Bundle has JavaScript enabled by default, actually.

>>35754046
This. Only idiots get caught

>>35754068
because those totally download CP.

>>35754075
>Tor Browser Bundle has JavaScript enabled by default, actually.
Because of these >>35754068 people.

It's recommended you turn it on.

>>35754088
>implying they don't

Is that why everything is "down for maintenance"?

Anyone want to visit the iFrame URL and report back what it spits out?

I'd advise using your neighbour's wifi connection of course.

>>35754095
>It's recommended you turn it on.
it is recommended not to visit facebook, youtube, google, ANYTHING with cookies and scripts enabled.
nice b8.

>>35754075
Well I am interested in finding out that zero-day exploit. But I wouldn't follow that IP and have FBI log mine tbh.

Not OP related, but a Tor question. If they safe every TCP header ever with a time stamp, isn't it very easy to reconstruct the tor route over all relays?
(Sorry if this is stupid, never used tor, never really looked up how it works.)

File: 1375579000154.jpg-(295 KB, 1179x789, 1374039008440.jpg)

295 KB JPG

>>35754068
There are people who use Flash with TOR
>>35754075
>Tor Browser Bundle has JavaScript enabled by default, actually.
Mine came with noscript

AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHHHHHHHHHAAAAAAAAAAAAAAAA

oh god

...

BWWWWWWWAAHAHAAHAHAHAHAAHA.

Enjoy jail, dumb people.

>>35754107
inb4 nsa

>>35754130
>>35753942
>>35754152
https://yourlogicalfallacyis.com/personal-incredulity

Who the fuck uses TOR outside of Tails on a machine with no hard drive?

>>35754163
>Using the same machine more than once.

> 6k yuros transfer to some romanians
That alone should be a red flag

>>35754130
good post

>>35754126
no. many people use the tor nodes, and in most of them there is no way to see where the packages are transported.

So people who are actually careful should be good right?

>>35754120
it is ded.
connection timeout

>He is charged with distributing, conspiring to distribute and advertising child pornography.

Not possession? Interesting. Maybe he was someone with absolutist views on free speech and not personally a fan of CP.

>>35754258
yeah it's javascript so just forbid scripts globally and you'll be ok

>>35754258
If by "careful", you mean "not using Tor", yes.

>>35754285
maybe he was just fast enough to microwave everything.

>>35754309
https://yourlogicalfallacyis.com/personal-incredulity

>>35754309
Because you're totally being secure using firefox/chrome without a proxy of any kind right now

>javascript
>using tor with javascript
top lil

>>35754346
the thing is the fbi/nsa now have complete access to the tor servers

>>35754370
I doubt this will be a big thing. I still don't see very many people being caught for this kind of thing.

>>35754370
Tor is safe if you know how to use it.
https://yourlogicalfallacyis.com/personal-incredulity

>>35754246
>many people use the tor nodes
This doesn't really convince me. If I had all SYN packets with timestamps from all tor nodes it should be easy to trace a high amount of the connections based on statistics.

File: 1375579875487.jpg-(174 KB, 1004x723, The Hidden Wiki - Tor Browser.jpg)

174 KB JPG

>>35753942
>>35754130
>>35754152
I don't understand. Do you mean that there are people that want to keep js enabled, and this could be bad?
Oh what a surprise. It's absolutely nothing new.
Next you'll tell me that someone got busted because he had forcefully enabled the flash plugin.

Side note: I don't get the connection between the irish arrested in OP and FH, "there is no connection" (so it is stated in the article as well). If you have different sources, please share.

>>35754415
the packets don't stay the same, dipshit.

>>35754333
Did you notice that you're posting in a thread about the FBI successfully tracking down the owner of a Tor hidden service? And now using a zero-day JS exploit for the Firefox Bundle to trace visitors?

Okay, so you have JavaScript disabled. What happens when the FBI finds a zero-day that doesn't need it?

>>35754333
>learns new word
>spams its dentition
epic
the fbi is probably going to start monitering all the servers

>>35754433
Of course not, its about the time frames the connections establish.

>>35754454
>What happens when the FBI finds a zero-day that doesn't need it?
Use the browser from TempleOS?

>>35754504
Woah,
Woah,
Woah,
Woah.
TempleOS has a browser?

>"muh little porn"
>"muh drugzz"
>"mug illegal gun trading"

- nothing of value will be lost.

>>35754483
but there are tons of packages at the same time, all the same size, around 70% have another TOR node as a target, they are encrypted following the same standard. I don't see where you would attack this system without an infrastructure that is insane even on an NSA scale.

So, what? Are they going to start knocking down the door of everyone who visited a CP site?

>>35754532
actually the gun trade is pretty much dead at this point

>>35754526
Actually, Temple doesn't even have networking.

>>35754532
what about the thousands of people who use it for research and reporting in less privileged countries

>>35754532
>"muh little porn"
Is that like porn where they only show the thumbnail?

>>35754068
Who in the right mind would use Tor for Facebook or YouTube?

>>35754544
Yep, better start stretching you anus. It'll hurt less

>>35754544
nah, they probably just try to get some shit into the news and hope for some idiots to out themselves in the open web during discussions like this one.

>>35754582
The idiots getting caught

File: 1375580388242.png-(7 KB, 274x302, 1359036905474.png)

7 KB PNG

There was once a guy who ran a drug exchange through Tor who got busted a while back.
He used Hushmail, which supposedly encrypts a user's emails and offers complete privacy. Yet in actuality they keep logs, are able to decrypt all emails (they hold the keys), and they turned the info over to the FBI.
These types of things have nothing to do with Tor, but rather incompetence of the people involved. Even if they make the slightest mistake they risk being caught.

>>35754572

Yea, turns out it's some kind of fetish.

>>35754544
>Are they going to start knocking down the door of everyone who visited a CP site?

They will knock door every American citizens who visited CP site.

>>35754426
http://www.reddit.com/r/onions/comments/1jmrta/founder_of_the_freedom_hosting_arrested_held/


As it is stated,
>Javascript simply lacks the ability to create sockets outside of the proxy needed to initiate a connection that would reveal your actual ip address

>Javascript alone can't be used to reveal an IP. It can however be used to 'fingerprint' your browser.

>Of course if they went full blown javascript payload they could do a lot of stuff that might actually be able to identify you, such as DNS ping or cache poison or download/execute other commands: see BeEF (http://beefproject.com/) but judging from that pastebin they're just grabbing usage stats

>>35754611
Is that true? Fuck this country.

>>35754610
dem pixels

>>35754555
TEMPLEOS IS OUR SAVIOR

WE MUST QUIT USING PROPERTY SOFTWARE LIKE WINDOWS AND HONEYPOT LINUX KERNEL CREATED BY JEWS TO ENSLAVE US

HOLY SHIT IT'S ALL CLEAR RIGHT NOW

TERRY DAVIS IS SECOND COMING OF JESUS

>>35754610
No, it's just porn for ants

>>35754610
What is it? Porn for ants?

>Thread about Tor
>Tor is not mentioned once in the article

>>35754567
They are fucked. But if the FBI is finally able to arrest some of the advertisers and their backers i dont give a shit about a guy in Burkina Faso.

What the fuck is "freedom host"?

>>35754539
I really don't think it would be that much of a problem, 50% the Tor nodes are already set up by the NSA. And they properly can see a lot of the traffic from the other nodes. Actually it would be a piece of cake to track someone over Tor with this setup. Where is my mistake?

>>35754622
reddit 1

/g/ 0

>lelelelel templeos fart cp CPCPCPCP drugs my little girl

>>35754653
>Tor is not mentioned
See
>>35754426
>>35754622

>>35754653
i already mentioned, the whole thing is just meant to cause a rustle.

>>35754630
Yeah buddy, better explain it to your mummy before the SWAT is saying hello...

JS is almost always disabled in torbutton, faget.

So TOR is compromised YES/NO?

>>35754678
Shit man. Thanks for the heads up.

>>35754691
NO, FUCKING FAGGOT.

>>35754653
Thank our Lord and Savior.

http://gizmodo.com/why-the-fbi-ran-a-child-porn-site-for-two-whole-weeks-510247728
The FBI hosted a cp cite
They actually helped citizens to break the law so that they could bust them and in the process broke the law themselves

USA USA USA USA USA USA USA USA USA USA USA USA USA USA USA USA

>>35754708

it makes perfect sense to bait people like so, but its unconstitutional to say the least

>>35754670
>50% the Tor nodes are already set up by the NSA
there is your mistake. it is actually a lot less.
also, you need ALL the nodes of a chain to be able to track traffic. if you are clever and find a node that is definitely secure, put it in your chain and you are safe.

>>35754708
They know it doesn't actually kill anyone.

>>35754708

If you wanna prevent people from breaking the law, you have to break it yourself.

>>35754426
>Screenshot from the Hidden Wiki
Enjoy your v&

>>35754708
To capture a pedo one must become a pedo.

>>35754691
Yes. Sorry, but you better tell the police that you have been a naughty boy and need some years of anal entertainment.

>>35754753
to win the war, you have to become the war.

>>35754708
>Everyone but the FBI can have child porn
muh freedom :(

>>35754744
>>35754670
There is NO reason why the NSA would need to run a node. They already have access to all the information they could ever want.
Why would they need to run a node?

File: 1375580891288.jpg-(40 KB, 400x600, 1372125170073.jpg)

40 KB JPG

>this thread

can't*

>>35754754
>thinking tor and the hiddenwiki are illegal

>>35754778
b-but i'm fat

>>35754653
>what is reading between the lines

It's no coincidence that the FBI took over the largest CP service on the Internet on the same day they arrested "the largest facilitator of child porn on the planet".

Also
>It is understood the FBI had spent a year trying to locate Mr Marques.
Fits the evasive nature of Tor. It wouldn't have taken a year to track down a normal CP distributor.
>The charges relate to images on a large number of websites
In other words, he wasn't running a single site, but hosting many (like Freedom Hosting).

>a website got hacked
>therefore, tor got hacked

>>35754796

It's your fault that you don't even lift.

>>35754708
>Distribute child pornography
>Arrest the people you just gave the images to for possession of child pornography

AN I'M PROUD TO BE AN AMERICAN WHERE AT LEAST I KNOW I'M FREE

>>35754801
>what is paranoia
they expect everyone to act the way you do. this is probably one of the greatest victories in the war on CP. everyone is scared, the market crashes.

>>35754831
Not him, but i know some fat fucks that can lift a tonne

>>35754744
Even without any nodes, all I need are the TCP SYN packages + timestamps. I couls properly not track with 100% certainty but it would be pretty high.

>>35754784
As said you don't need own nodes, but it would make it easier.

>>35754857
you obviously don't understand.
the packets go in on one side of the tor node.
they don't come out again.
other packages come out.

The first thing i always do with the bundle is disable JS. Always wondered which stupid cunt left it enabled by default.

>>35754835
We have the freedom to work for poverty wages and then to go to jail.

>>35754046
Believe it or not, Tor developers say you are safer with JavaScript on.

>>35754900
sauce

>>35754285
Obviously he was. He for well knew CP was being hosted on his services, hence the mySQL floods by anonymous a while ago.

>>35754880
But this is why the Vidalia bundle comes with Noscript (even if you have to set it to "deny all scripts"). I wonder how many jimmies will be rustled when the police says hello...

>>35754900
FBI pls

>>35754880
I did. Totally forgot I downloaded a fresh zip like 3 weeks ago. I never browse CP sites and I never bought drugs so I'm not worried though.

>>35754920

His ass.

>>35754934
Still, enabling JS is just fucking retarded. Plugins can fail all the time (I know on Chrome, sometimes it takes closing a tab and re-opening it for adblock to fully initialise).

>>35754847
/g/ won't believe that Tor is compromised until the FBI releases a press release saying "TOR IS A HONEYPOT AND WE ARE COMING TO ARREST YOU ALL RIGHT NOW"

>>35754962
i found this on the site but i still dunno

File: 1375581600598.png-(46 KB, 722x319, Screenshot from 2013-08-0(...).png)

46 KB PNG

>>35754979
whoops forgot pic

>>35754920
>Disabling JavaScript by default, then allowing a few websites to run scripts, is especially bad for your anonymity: the set of websites which you allow to run scripts is very likely to uniquely identify your browser.

https://www.torproject.org/docs/faq.html.en#TBBCanIBlockJS

>>35754879
Look, imagine there are 10 Tor nodes. I know they are Tor nodes and I see all the traffic which goes in an out. Now you open a connection over tor. You are the only user who uses tor. I can trace you perfect. More users only blur the image. Based on timestamps and statistics a lot ob the connections can be reconstructed from entry node to exit node.

>>35755001
What if I want no websites at all to run shitscript

I think this is to do with traffic analyis of hidden services. It's a bad idea to have one big hidden service cater for lots of other hidden services. This generates a lot of traffic, easily identifiable as Tor traffic and so some networking freaks would be able to pinpoint the servers eventually after looking at patterns.

>>35755036

Then you should kill yourself for being a fucktard.

>>35753849 (OP)
>independent.ie
What they fuck do they know about Tor?
They reported on the "Deep web" once and it was pathetic. Reminiscent of that first segment regarding Anonymous by Fox with the exploding van:
"Another anxious click, six hours of programming and downloading plug ins, adjusting our privacy setting manually and removing any tangible trace of our location, we were in."

http://www.independent.ie/opinion/comment/wayne-doyle-welcome-to-the-deep-web-a-world-of-gunrunning-sex-trafficking-and-assassins-for-hire-26831637.html

>>35755004
Yeah thats why the whole concept of Tor is unsafe the first place: The entire traffic isnt encrypted

>>35755004
You're correct, it's called a traffic confirmation/timing correlation attack. The attacker only needs to control the entry node and exit node (which is very unlikely but possible). Tor acknowledges this on their site.

>>35754879
but the requests don't change, dipshit. if you do HTTP GET www.google.com/foo into the Tor network, then a HTTP GET www.google.com/foo will come out of the Tor network at sometime. All you have to do is find where it went in and where it came out, which isn't hard to do if you are facing a supposed "global adversary" who can see the entire network graph.

so who has some good onions for me to check out?

>>35755059
>only needs to control the entry node
you know, then they can just scan the harddrive for CP and that's it.

>>35755051
wouldn't it be secure to not run javascript at all?