Hello everyone, I want to measure the latency of Tor, such as client to first hop, client to second hop, client to onion service.

Do you have any recommendation for measurement tools?

As far as my understanding goes, honeypots break anonymity when the user breaks OPSEC or downloads anything to their computer. Simply clicking on the website and browsing isn’t enough.

My question is, can a honeypot onion website redirect you to a clear-net website forcing you to go through an exit node? This way they don’t have to wait for you to do something stupid?

Users wraps message A in three layers of encryption, result is message D.

Node 1 decrypts message D into message C.

Node 2 decrypts message C into message B.

Node 3 decrypts message B into message A.

Server receives message A from Node 3.

Question: isn't it possible, having message A, to ask Node 3 what the message received was and who sent that message? Now we know about message B and Node 2, repeat - now we know [message C, Node 2], repeat - [message D, Node 1], repeat - User's IP address!

Tinfoil hat time. There are around 8000 nodes which is not that much, there are not a lot of countries hostile to USA, intelligence agencies share information with each other, independent nodes can be shut down or compromised.

Opened a suspicious link for a site. While using it opened a second tab which I immediately closed and once pressed the play button (it was a video) it asked for microphone permission. Immediately closed TOR and run the free version of malwarebytes, but I am still afraid I might have gotten infected with malware. The computer is a MacBook Pro. Am I being paranoid or ok?

I am reading about the history of Tor's TLS:
https://gitlab.torproject.org/legacy/trac/-/wikis/org/projects/Tor/TLSHistory
Here is some context from Stage 3 (Tor 0.2.3.6 and later):

When Tor traffic started being detected and blocked due to the use of renegotiation, the protocol switched to a simpler outer TLS handshake. This involved using a single certificate of any arbitrary type, no renegotiation, and allowing any cipher suite with ephemeral keys. For authentication, Tor implemented a workaround inside its own protocol by performing authentication based on a signature of a MAC of some TLS connection parameters and by passing along the actual certificates it wanted. This allows Tor to maintain the desired authentication while making its TLS handshake look simpler and blending it better with other TLS handshakes.

Protocol details are available at: https://gitweb.torproject.org/torspec.git/tree/proposals/176-revising-handshake.txt

Additionally, I’ve noticed that Tor has pluggable transports (such as obfs) to provide obfuscation.

Here’s my question: If I’m using pluggable transports like obfs, which already add an additional obfuscation layer to the traffic, isn’t the extra outer TLS layer redundant? Does it actually help in this case?

I want to put up a firewall against TOR Users entering my website.... I already have this mechanism to find people using TOR but it's not that good... 3/4 TOR users get past the firewall

Script.js

nandu.is-cool.dev/script.js (can't post code here cuz it looks ugly and unreadable)

(On the last functions of this script file there is the current mechanism to prevent tor users)

Hello everyone!

I recently started to develop a software to install mkp224o easily on any platform. Currently only the unix platform ist supported. The program allows the user to install and update the mkp224o binary.

I would love to hear some feedback on my code. Please share your thoughts! I would love to develop an reliable and elegant software with you guys!

?????
its stuck connecting forever, no errors
logs available in settings are empty
I tried reinstalling multiple times, disabling firewall,defender nothing helps

I did manage to enable tor.exe logs myself and I get this
Apr 06 02:26:54.015 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.

Apr 06 02:26:54.000 [notice] Parsing GEOIP IPv4 file C:\Users\asd\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip.

Apr 06 02:26:54.000 [notice] Parsing GEOIP IPv6 file C:\Users\asd\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6.

Apr 06 02:26:54.000 [notice] Bootstrapped 0% (starting): Starting

Apr 06 02:26:54.000 [notice] Starting with guard context "default"

Apr 06 02:26:54.000 [notice] Delaying directory fetches: DisableNetwork is set.

Apr 06 02:26:54.000 [notice] New control connection opened from 127.0.0.1
nothing after that.

It pops up on Ahmia all the time. Is there a Reddit black market that I am not aware of?

Which filter to use?

I assume capable actors would include governments. If it’s not the government that you are trying to avoid, then who? What is the point of Tor if useless against those that can actually hurt you?

The issue reads "Tor exited during startup. This might be due to an error in your torrc file, a bug in Tor or another program on your system, or faulty hardware. Until you fix the underlying problem and restart Tor, Tor Browser will not start."

My operating system is Windows 11 and I downloaded Version 14.0.9

I have little knowledge in computers and stuff so please don't throw much computer words at me

So here is the deal. My country just put out a new law; basically, this law states that from now on our IP address will be connected to our Taxpayer Identification Number so anyone that visits pirate sites and watches or downloads movies, games, etc. from there will be punished with a penalty fee. So you see, I'm way too poor to pay for subscriptions and shιτ like that. With that in mind, i'm looking for a way to hide my IP from the government.

I wanted to get rid of my past digital footprint for which i downloaded tor to access the darkweb and get help iykyk. But idk much of how all of this works and all i did was put on the VPN and browse, so idk how it works that I'll be able to access onion websites, are there some setting that need to be tweaked. but i need serious help.

As of just now, I am getting the error

"Tor Browser could not connect to Tor"

Tor will not connect over a bridge, either.

All was fine last night.

Running over a VPN.

How can I download tor in saudi arabia?

There's one feature that I really need, which is the window-title should be (or contain) the domain name being visited (like https://foo.bar.com) because it helps an offline password manager like KeepassXC read the active window title to show the applicable options when a hotkey for auto-type is activated. This is (1) QoL thingy in that I don't have to manually type into the search/filter to get to the correct password and (2) Security good-practice to combat phishing.

Normally, browser extensions of any password manager (like KeepassXC-browser-extension, bitwarden, etc) will modify the DOM to add its own icon next to the relevant fields (username/passwords/...) and this can be detected by the JS running on the page and this aids in fingerprinting.

However if I write my own simple extension which merely takes the FQDN of the visited URL and adds it to the window-title, then I'm assuming the extension should be undetectable and thus amount to no change in the fingerprint'ability.

So can anyone advise if this is fine and there's no compromise in privacy + security + anonymity?

---

Edit: Just to clarify, I don't mean to log into say my facebook account over TOR. Instead I mean if I want to log into services I created an account for completely anonymously and over TOR itself. No one should log into those over clearnet for obvious reasons.

Hi guys, I recently heard about darknet/deepweb and wanted to take a short look on them. I installed TOR on Ubuntu on Virtual Box (NAT + no shared folders and clipboard), visited some sites from hidden wiki (10- 15 max), found nothing really inteteresting to me and that's all, left it after 2 hours. No files downloaded. But the "vibe" of hidden stuff and long and strange .onion addresses gaves me a little fear about my host PC (Win10) about viruses that (well...) could escape from Ubuntu virtual machine to my net or host. Defender, MRT and HitmanPro have 0 detections for now. I know I'm an almost paranoic, but it was my first encounter with TOR and .onion web, so please, try to understand me instead of laughing about newbie that created this post, okay? Thanks!

Hello friends

I live in a country where the government is dictatorial, ruthless, and under banking sanctions. Bitcoin mining is also prohibited there, and very severe penalties are imposed on miners.

How can I connect my Bitcoin miners (like antminer s-19) to Tor?

Can I use a computer as a Tor router and connect my miner to it? How?

Basically what tilte says. I`m using burner sms/mail services for registration and it works fine on every browser except for TOR, Is this a bug or a feature and is it fixable?

Hey all, I’m new to Tor and only have an Android phone, no computer. I want to use it to look at conspiracies and current controversies on the dark web, like leaks or scandals for journalism purposes . I’d check out places like Dread or 8kun, just reading and copying text, not posting. Not into narcotics or anything illegal, just doing research.

I’ve heard phones might not be as safe as computers for Tor, like system leaks or other risks. I’d use Tor Browser with ProtonVPN and mobile data—no Wi-Fi where I am. Does that sound okay?
Any big problems using mobile data instead of Wi-Fi?

What should I watch out for with no PC?

Not a tech person, so keep it simple. Anyone using Tor on phone with mobile data how’s it work for you? Thanks in advance!

Tor comes with JS disabled, so server-side rendering is a must.

I heard many hidden services run on PHP, but php has a history of bugs and exploits, specially when not implemented perfectly.

I was thinking, is Elixir the GOAT here? Programming only the happy path and "let it crash" for all other paths.

What do you use for implementing a good and reliable hidden service page?