![eb303623](https://pic-cc.com/data/avatars/m/150/150934.jpg?1733143058"){kind=avatar}
eb303623
MEMO
- Joined
- 01.05.24
- Messages
- 254
- Reaction score
- 8,154
- Points
- 93
We all use internet or browse and research on a normal basis (not for illegal activity) but, we still need to protect ourselves while we browse through the net because, some sites might be a target or harmful.
Your internet browser serves as your computer’s ambassador to the internet. How it presents itself to the websites you visit and their third-party advertisers will, to
some extent, influence how those sites and advertisers will behave in return. More importantly, the setup of your browser will certainly dictate what browsing information your computer stores. Setting up your browser is an important step in controlling your virtual security perimeter and protecting your personal privacy.
The first browser setup we will look at is for the protection of your privacy, and so we will try to limit as much as we can the information that is collected from your
browsing sessions. If you wish to look at a browser setup for fraud related activities, then I will discuss that at the end of this chapter. I wouldn’t skip this one though as it is very important for using the web normally, when you are not doing
anything fraudulent.
THE THREATS
1. COOKIES: These are perhaps the most common means through which your browsing sessions are tracked. Cookies are small pieces of data placed on your computer by the websites you visit. They are placed there to be helpful. Cookies
remember which links you have clicked, the products you have looked at, and sometimes your login information. You may be already logged in when you visit a
page again. Accepting cookies is almost always required to complete a purchase or other transaction on a webpage. If your browser won’t accept a cookie, the site you are visiting cannot remember what items are in your cart. Unfortunately, cookies are capable of doing much more than remembering which videos you have previously viewed on a website. Cookies can also be used to spy on you. Third-party cookies are not placed on your machine by each site you visit, but by a third-party that is partnered with the “host” site. They are purely for
analytical purposes and track your browsing from site to site. Some popular websites may allow as many as 40 third party cookies to be installed when you visit their site. Each one of these can record your username, account name, IP address (which can be resolved to your physical location), and each site that you visit. All of this can be used to create a comprehensive picture detailing your online activity. Making matters worse, these cookies are also very persistent. Cookies are usually
designed to last 90 days before they expire (some last longer). During the entire 90-day period the cookie may be used to track you. If you revisit the site where you got the cookie, a new one is installed and the 90-day clock resets. In this way cookies can be used to track users more or less over a lifetime.
I personally recommend clearing cookies frequently and never accepting third-party cookies.
2. BROWSER FINGERPRINTING: This is the process of identifying enough specific characteristics about a browser to make it unique or nearly unique. Though this
fingerprint may not positively identify you, it can be used to create a very comprehensive picture of what content you frequent. If you have been, or
subsequently are, positively identified, this information can be directly correlated to you. The factors used to fingerprint a browser are many, and most of the reasons they are requested are legitimate. The sites you are visiting must know some of this information to allow sites to present and function properly with your device. These factors include your screen size and resolution, the fonts you have installed on your device, the time zone to which your computer is set, any add-ons that you
have installed, cookie settings, and your browser and operating system details. Browser fingerprinting is an extremely dangerous form of tracking because it is very difficult to defeat. While you can refuse to accept cookies it is very difficult to
change your screen resolution. I will give you some advices to offer some light protection against this form of tracking. The EFF foundations has an excellent
browser fingerprinting tool that will tell you how unique your browser is, as well as an excellent white-paper on the topic. I will leave the link to it below.
https://panopticlick.eff.org
WHICH BROWSER SHOULD I USE FOR PRIVACY?
There are a lot of privacy-base browsers for example Duck Duck Go, Firefox etc. but we shall focus on Firefox.
If you wish to setup a browser for maximum security and privacy, I recommend Firefox. The reason for that is, Firefox offers the greatest control over security and privacy settings, and there are numerous add-ons for it that can harden the security of your browser.
The first and most basic step you should take is to ensure your browser is up to date. Outdated browsers with security holes are an extremely common attack vector. Browser updates are issued frequently to patch these vulnerabilities as they are discovered. Once you have ensured your browser is up to date, some settings must be modified to ensure the greatest possible privacy and security. Go to the Firefox Options and change the settings below.
o Change your homepage to https://google.com. Millions of people use this as their homepage and it is completely non-alerting.
o Change the downloaded files location from the “Downloads” folder to an encrypted location.
o Under Privacy, turn off do not track. Websites have absolutely no obligation to honor your requests, and in fact, they rarely do. We will take much more aggressive steps to ensure we are not being tracked. However, you may elect to tell sites that you do not wish to be tracked if you so wish.
o Under History, select “Use custom settings for history” from the pull-down menu. Then, uncheck “Always use private browsing mode” and “Remember my browsing and download history” and “Remember search and form
history”. This will prevent Firefox from remembering any history after your browsing session has closed.
o Next, still under History, check the box that says “Accept cookies from sites”. This will allow cookies from the websites you visit. Without cookies, it is very difficult to make purchases, use online streaming services, or enjoy many of the other potential benefits of the internet. Though accepting cookies is not ideal, we will take steps to get rid of them upon closing Firefox. Next, under the “Accept cookies from third-party sites” drop-down, select “Never”. Third-party sites are sites that you have not visited but that are still attempting to track internet usage for marketing purposes. There is no need to accept their
cookies since you have not visited these websites. Under “Keep until” (which refers to how long cookies are retained), select “I close Firefox”. By default, cookies may last 30, 60, or as long as 90 days, and may track your browsing
sessions throughout that entire period. This option will ensure they are not saved after your browsing session has ended. After that, check the box that says “Clear history when Firefox closes”.
o Before moving on click the “Settings” box to the right. This will bring up an entirely new dialogue that gives you very granular control of the items that Firefox clears upon closing. They are Browsing and Download History, Active
Logins, Form & Search History, Cookies, Cache, Saved Passwords, Site Preferences, and Offline Website Data. Select all of them and click OK to close the dialogue. Finally, under “Location Bar” uncheck History, Bookmarks,
and Open Tabs.
o Under Security check “Warn me when sites try to install add-ons” box. Next, deselect both the “Block reported attack sites” and “Block reported web forgeries” options. Both of these options could allow Firefox to track your web activity by sending the sites you visit to Mozilla for vetting against a
whitelist. Though I don’t personally distrust Mozilla or Firefox, I still prefer to send them as little information about my browsing sessions as possible. Finally, deselect the “Remember passwords for sites” and “Use a master password”.
FIREFOX ABOUT:CONFIG
Go to the address bar, and type about:config. This will open a menu where power-users can make many adjustments to the application. Bypass the warning, and look for these values, change them accordingly.
media.peerconnection.enabled – SET IT TO FALSE
network.prefetch-next – SET IT TO FALSE
network.http.sendRefererHeader – SET IT TO TRUE
browser.send_pings – SET IT TO FALSE
beacon.enabled – SET IT TO FALSE
geo.enabled – SET IT TO FALSE
webgl.disabled – SET IT TO TRUE
pdfjs.disabled – SET IT TO TRUE
plugins.notifymissingflash – SET IT TO FALSE
security.cert_pinning.enforcement_level – SET IT TO 1
network.IDN_show_punycode – SET IT TO TRUE
FIREFOX ADD-ONS
Add-ons are small programs that can be added to Firefox. There are thousands of add-ons for Firefox and most of them are not designed to enhance your privacy or security. The add-ons listed here make Firefox more private and more secure, make it more difficult for your browsing history to be tracked, and reduce the possibility of certain types of malicious attacks successfully targeting you. I won’t
get much in-depth into each one of them, I will just list them here, if you wish to read more about each one of them and their features, look them up on Google. I recommend you install each one of these on your browser for maximum privacy.
DO NOT USE THESE FOR FRAUD ACTIVITIES, AS THAT WILL 100% LEAD TO A DECLINED TRANSACTION. FRAUD BROWSER SETUP IS ON ANOTHER CHAPTER
o NO-SCRIPT
o HTTPS EVERYWHERE
o UBLOCK ORIGIN
o COOKIE AUTODELETE
o USER-AGENT SWITCHER
o CANVASBLOCKER
TOR BROWSER
Though it is nearly impossible to be completely anonymous online, Tor is as close as you can get. No discussion of online privacy would be complete without a thorough discussion of Tor. Tor prevents your internet service provider, third-party advertisers and trackers, and even governments from seeing what you’re up to online. Tor is typically demonized in the media as a tool for terrorists and criminals, but hypocritically enough, it was originally developed by the US Navy.
I will give you a brief explanation of the more technical aspects of how Tor provides the anonymity it offers. When using the Tor browser, the traffic you request is not sent straight to and from the website you wish to visit. Instead, Tor makes your traffic anonymous by routing it through three intermediary servers (called nodes) prior to sending the request to the desired website. When you first open Tor Browser, a connection is made with a server (called a directory server) that receives your request. This server will then build your custom network. Traffic is encrypted from the user device, through the network, and is only fully decrypted
when it leaves the network en route to its intended destination.
Your traffic is heavily encrypted within the Tor Network, which also contributes to your anonymity. When your request leaves your computer it is encrypted three
times. The first node at which it arrives (called the “entry guard”) can see that it came from you. Upon removing the first layer of encryption, it can “see” the next
node, it can see the node it was sent from and the node it will forward to, though it cannot tell that the request originated with you, or where the request is
ultimately being sent. When your request arrives at the exit node the last layer of encryption is removed and your request is transmitted to its final destination. When your traffic is returned it is routed through the same network.
TOR DISADVANTAGES:
Even though I believe strongly in both the philosophical mission of Tor and in the technical implementation of the browser bundle, I would be remiss if I did not mention the disadvantages of using Tor, and it's vulnerabilities. The first disadvantage to most people is Tor is inconvenient. By
routing all your traffic through three intermediate servers prior to sending it to its destination Tor traffic is much slower than “normal” traffic. Each of the computers
through which your traffic is routed may be much slower than your own, and so may be their individual internet connections.
Another major disadvantage is that some sites disallow logins, account creation, or other transactions from the Tor network. Further, many sites will require multiple captcha entries and are generally unfriendly to Tor. As I will say many times,
CONVENIENCE AND SECURITY ARE INVERSELY PROPORTIONAL. I believe the slight inconveniences of Tor are more than made up for by the privacy and security it offers. Even though Tor is very secure, it is still not vulnerable.
Finally, Tor creates a very distinctive signature. Packets sent over the Tor network look very different from “normal” internet traffic. I believe this elevates your profile and makes you more “interesting” than non-Tor users. You should seriously consider using a obfs4 Tor bridge to hide your use of the Tor network from your ISP, and even from your VPN provider as well.
TOR VULNERABILITIES:
All the Tor servers used to re-route communications are hosted by volunteers. The host of the final server your communications are routed through can monitor any transmissions that exit Tor in plaintext though it would still theoretically be anonymous. This is why Tor places such emphasis on the HTTPS Everywhere add-on. When your traffic leaves the exit node it will still be encrypted with the TLS protocol if so supported by the website. This will prevent
your traffic from being monitored by a malicious exit node.
You should also be aware that Tor is extensively monitored by law enforcement and intelligence agencies (both domestic and foreign) that may, under some
circumstances, be able to observe your traffic. Tor is not a perfect solution and is vulnerable to some types of exploits. Your anonymity can be compromised on Tor
in any of several different ways. For example, if you make a purchase on Tor using your credit card or other financial information that is linked to your true identity your anonymity will be breached. Further, Tor may also raise your profile.
Likewise, if you log into an email, social media, ecommerce, or other site that is associated with your name, your true identity will be associated with that entire browsing session. Opening a downloaded document while still connected to the internet is one of the most prevalent ways in which anonymity of Tor is broken.
Further, if you make any modifications to your version of Tor Browser it may be fingerprinted. This fingerprint can track you around the internet and eventually
reveal your true identity. The default Tor Browser is designed to prevent browser fingerprinting. It discourages you from installing add-ons, and it makes all versions,
regardless of download location, exactly the same. It even warns you not to maximize the browser which can reveal your computer’s full screen size and resolution. Any modification can make your version of Tor Browser absolutely unique and make you trackable. There are many other ways that the veil of
anonymity Tor provides can be pierced. To be truly anonymous takes extraordinary effort.
Even if you are using Tor “perfectly” and adhere to all best practices, your anonymity may still be compromised by adversaries with worldwide reach (US Government for example). Such adversaries can correlate the time between a Tor
connection being established and the location from which it was established to determine a user’s true identity.
BROWSING PRIVACY BEST PRACTICES
DON’T STAY LOGGED IN: When you are logged into your email or social media account, these services monitor everything you do on the internet. Not only do
social media accounts log your “likes” and “tweets”, they also record other sites you go to, accounts that you create, things you purchase, videos you watch, songs you download, appointments you make online, and a wealth of other information. Many people like to remain logged into their Gmail or other accounts constantly because of the convenience it affords. This convenience can be compromising to privacy.
While it is much more work (privacy is neither easy nor convenient), I recommend the following. If you need to check your Gmail, Facebook, or other account that is
associated with your name, close your browser and clean it as described below. After you have done this, open your browser, log in, and conduct your business.
While you are logged in do not visit any other sites or log into any other accounts. When you have finished, log out of the site, close your browser, and clean your
system again.
CLOSE AND CLEAN: I strongly recommend closing your browser between sessions. It is especially important to close your browser after visiting a website to which
you have logged in, such as an email or social media account so that all browsing history and cookies are deleted. Simply logging out of the website will not delete
the cookies it placed on your computer, and the site will still be able to track your movements around the internet. Though this is not an absolute measure of
protection from tracking it does break your data down into smaller pieces. If you never clear your system you are creating a month or year long record of every website you have visited on the internet, and sharing it with hundreds of other parties.
I recommend also cleaning your system between sessions. I recommend using Bleachbit and CCleaner if you are running Windows. These programs will
thoroughly delete all browsing history including your internet cache, cookies, download history and location, session history, compact databases, and more..
BE CAREFUL WHAT WEBSITES YOU VISIT: The beauty of the internet is that it puts the world at your fingertips. Any interest you have can likely be explored and
expounded upon on the internet. Many of these sites do not have your best interest in mind and care little about your security or privacy. Websites are commonly used as attack vectors for malware, to track your browsing habits, or to get personal information from you. Thoughtfulness is required when browsing the internet. Pornography websites are notorious as being attack vectors for malware.
Clicking on the wrong link on a porn site can quickly lead to adware, nagware, ransomware, or worse. Porn websites are not alone in this. Be careful about the
websites you visit. Pause and ask yourself two questions when any site is full of pop-ups. Does clicking a link on the site cause a new, unrelated window to open?
Does the site cleverly conceal links that end up opening lots of new windows? If the answer to either of these questions is yes, the site is probably one you should avoid.
DO NOT CLICK ADS: Malvertising is an extremely sophisticated attack vector. This threat alone should be enough to dissuade you from clicking on online advertisements. If this isn’t enough to convince you, also consider the fact that even the most benign of these ads will still track your browsing session.
DO NOT IGNORE WARNINGS: If you visit a website and receive a warning from your browser, or from a browser extension like NoScript, it is probably a good idea
to skip that site.
DO NOT DOWNLOAD FROM UNTRUSTED SITES: Be very careful about the sites from which you download files and applications. Though torrent sites are fun and
many people use them to get free media, they are also rife with malware.
USE CARE WHEN DOWNLOADING APPLICATIONS: When downloading applications, you should always use extreme care. Applications can contain extensive malicious payload, and attention should be paid to the quality of the
download you are getting. If at all possible, attempt to download programs directly from their source, and check their signatures before running to ensure you are getting exactly what you want, and not some malicious file.
CONCLUSION :
Hope this guide will let you stay safe while using the Internet for normal and safety browsing. We shall cover in another chapter, How to setup your browser for carding.
STAY TUNE .....
GOOD LUCK!
Your internet browser serves as your computer’s ambassador to the internet. How it presents itself to the websites you visit and their third-party advertisers will, to
some extent, influence how those sites and advertisers will behave in return. More importantly, the setup of your browser will certainly dictate what browsing information your computer stores. Setting up your browser is an important step in controlling your virtual security perimeter and protecting your personal privacy.
The first browser setup we will look at is for the protection of your privacy, and so we will try to limit as much as we can the information that is collected from your
browsing sessions. If you wish to look at a browser setup for fraud related activities, then I will discuss that at the end of this chapter. I wouldn’t skip this one though as it is very important for using the web normally, when you are not doing
anything fraudulent.
THE THREATS
1. COOKIES: These are perhaps the most common means through which your browsing sessions are tracked. Cookies are small pieces of data placed on your computer by the websites you visit. They are placed there to be helpful. Cookies
remember which links you have clicked, the products you have looked at, and sometimes your login information. You may be already logged in when you visit a
page again. Accepting cookies is almost always required to complete a purchase or other transaction on a webpage. If your browser won’t accept a cookie, the site you are visiting cannot remember what items are in your cart. Unfortunately, cookies are capable of doing much more than remembering which videos you have previously viewed on a website. Cookies can also be used to spy on you. Third-party cookies are not placed on your machine by each site you visit, but by a third-party that is partnered with the “host” site. They are purely for
analytical purposes and track your browsing from site to site. Some popular websites may allow as many as 40 third party cookies to be installed when you visit their site. Each one of these can record your username, account name, IP address (which can be resolved to your physical location), and each site that you visit. All of this can be used to create a comprehensive picture detailing your online activity. Making matters worse, these cookies are also very persistent. Cookies are usually
designed to last 90 days before they expire (some last longer). During the entire 90-day period the cookie may be used to track you. If you revisit the site where you got the cookie, a new one is installed and the 90-day clock resets. In this way cookies can be used to track users more or less over a lifetime.
I personally recommend clearing cookies frequently and never accepting third-party cookies.
2. BROWSER FINGERPRINTING: This is the process of identifying enough specific characteristics about a browser to make it unique or nearly unique. Though this
fingerprint may not positively identify you, it can be used to create a very comprehensive picture of what content you frequent. If you have been, or
subsequently are, positively identified, this information can be directly correlated to you. The factors used to fingerprint a browser are many, and most of the reasons they are requested are legitimate. The sites you are visiting must know some of this information to allow sites to present and function properly with your device. These factors include your screen size and resolution, the fonts you have installed on your device, the time zone to which your computer is set, any add-ons that you
have installed, cookie settings, and your browser and operating system details. Browser fingerprinting is an extremely dangerous form of tracking because it is very difficult to defeat. While you can refuse to accept cookies it is very difficult to
change your screen resolution. I will give you some advices to offer some light protection against this form of tracking. The EFF foundations has an excellent
browser fingerprinting tool that will tell you how unique your browser is, as well as an excellent white-paper on the topic. I will leave the link to it below.
https://panopticlick.eff.org
WHICH BROWSER SHOULD I USE FOR PRIVACY?
There are a lot of privacy-base browsers for example Duck Duck Go, Firefox etc. but we shall focus on Firefox.
If you wish to setup a browser for maximum security and privacy, I recommend Firefox. The reason for that is, Firefox offers the greatest control over security and privacy settings, and there are numerous add-ons for it that can harden the security of your browser.
The first and most basic step you should take is to ensure your browser is up to date. Outdated browsers with security holes are an extremely common attack vector. Browser updates are issued frequently to patch these vulnerabilities as they are discovered. Once you have ensured your browser is up to date, some settings must be modified to ensure the greatest possible privacy and security. Go to the Firefox Options and change the settings below.
o Change your homepage to https://google.com. Millions of people use this as their homepage and it is completely non-alerting.
o Change the downloaded files location from the “Downloads” folder to an encrypted location.
o Under Privacy, turn off do not track. Websites have absolutely no obligation to honor your requests, and in fact, they rarely do. We will take much more aggressive steps to ensure we are not being tracked. However, you may elect to tell sites that you do not wish to be tracked if you so wish.
o Under History, select “Use custom settings for history” from the pull-down menu. Then, uncheck “Always use private browsing mode” and “Remember my browsing and download history” and “Remember search and form
history”. This will prevent Firefox from remembering any history after your browsing session has closed.
o Next, still under History, check the box that says “Accept cookies from sites”. This will allow cookies from the websites you visit. Without cookies, it is very difficult to make purchases, use online streaming services, or enjoy many of the other potential benefits of the internet. Though accepting cookies is not ideal, we will take steps to get rid of them upon closing Firefox. Next, under the “Accept cookies from third-party sites” drop-down, select “Never”. Third-party sites are sites that you have not visited but that are still attempting to track internet usage for marketing purposes. There is no need to accept their
cookies since you have not visited these websites. Under “Keep until” (which refers to how long cookies are retained), select “I close Firefox”. By default, cookies may last 30, 60, or as long as 90 days, and may track your browsing
sessions throughout that entire period. This option will ensure they are not saved after your browsing session has ended. After that, check the box that says “Clear history when Firefox closes”.
o Before moving on click the “Settings” box to the right. This will bring up an entirely new dialogue that gives you very granular control of the items that Firefox clears upon closing. They are Browsing and Download History, Active
Logins, Form & Search History, Cookies, Cache, Saved Passwords, Site Preferences, and Offline Website Data. Select all of them and click OK to close the dialogue. Finally, under “Location Bar” uncheck History, Bookmarks,
and Open Tabs.
o Under Security check “Warn me when sites try to install add-ons” box. Next, deselect both the “Block reported attack sites” and “Block reported web forgeries” options. Both of these options could allow Firefox to track your web activity by sending the sites you visit to Mozilla for vetting against a
whitelist. Though I don’t personally distrust Mozilla or Firefox, I still prefer to send them as little information about my browsing sessions as possible. Finally, deselect the “Remember passwords for sites” and “Use a master password”.
FIREFOX ABOUT:CONFIG
Go to the address bar, and type about:config. This will open a menu where power-users can make many adjustments to the application. Bypass the warning, and look for these values, change them accordingly.
media.peerconnection.enabled – SET IT TO FALSE
network.prefetch-next – SET IT TO FALSE
network.http.sendRefererHeader – SET IT TO TRUE
browser.send_pings – SET IT TO FALSE
beacon.enabled – SET IT TO FALSE
geo.enabled – SET IT TO FALSE
webgl.disabled – SET IT TO TRUE
pdfjs.disabled – SET IT TO TRUE
plugins.notifymissingflash – SET IT TO FALSE
security.cert_pinning.enforcement_level – SET IT TO 1
network.IDN_show_punycode – SET IT TO TRUE
FIREFOX ADD-ONS
Add-ons are small programs that can be added to Firefox. There are thousands of add-ons for Firefox and most of them are not designed to enhance your privacy or security. The add-ons listed here make Firefox more private and more secure, make it more difficult for your browsing history to be tracked, and reduce the possibility of certain types of malicious attacks successfully targeting you. I won’t
get much in-depth into each one of them, I will just list them here, if you wish to read more about each one of them and their features, look them up on Google. I recommend you install each one of these on your browser for maximum privacy.
DO NOT USE THESE FOR FRAUD ACTIVITIES, AS THAT WILL 100% LEAD TO A DECLINED TRANSACTION. FRAUD BROWSER SETUP IS ON ANOTHER CHAPTER
o NO-SCRIPT
o HTTPS EVERYWHERE
o UBLOCK ORIGIN
o COOKIE AUTODELETE
o USER-AGENT SWITCHER
o CANVASBLOCKER
TOR BROWSER
Though it is nearly impossible to be completely anonymous online, Tor is as close as you can get. No discussion of online privacy would be complete without a thorough discussion of Tor. Tor prevents your internet service provider, third-party advertisers and trackers, and even governments from seeing what you’re up to online. Tor is typically demonized in the media as a tool for terrorists and criminals, but hypocritically enough, it was originally developed by the US Navy.
I will give you a brief explanation of the more technical aspects of how Tor provides the anonymity it offers. When using the Tor browser, the traffic you request is not sent straight to and from the website you wish to visit. Instead, Tor makes your traffic anonymous by routing it through three intermediary servers (called nodes) prior to sending the request to the desired website. When you first open Tor Browser, a connection is made with a server (called a directory server) that receives your request. This server will then build your custom network. Traffic is encrypted from the user device, through the network, and is only fully decrypted
when it leaves the network en route to its intended destination.
Your traffic is heavily encrypted within the Tor Network, which also contributes to your anonymity. When your request leaves your computer it is encrypted three
times. The first node at which it arrives (called the “entry guard”) can see that it came from you. Upon removing the first layer of encryption, it can “see” the next
node, it can see the node it was sent from and the node it will forward to, though it cannot tell that the request originated with you, or where the request is
ultimately being sent. When your request arrives at the exit node the last layer of encryption is removed and your request is transmitted to its final destination. When your traffic is returned it is routed through the same network.
TOR DISADVANTAGES:
Even though I believe strongly in both the philosophical mission of Tor and in the technical implementation of the browser bundle, I would be remiss if I did not mention the disadvantages of using Tor, and it's vulnerabilities. The first disadvantage to most people is Tor is inconvenient. By
routing all your traffic through three intermediate servers prior to sending it to its destination Tor traffic is much slower than “normal” traffic. Each of the computers
through which your traffic is routed may be much slower than your own, and so may be their individual internet connections.
Another major disadvantage is that some sites disallow logins, account creation, or other transactions from the Tor network. Further, many sites will require multiple captcha entries and are generally unfriendly to Tor. As I will say many times,
CONVENIENCE AND SECURITY ARE INVERSELY PROPORTIONAL. I believe the slight inconveniences of Tor are more than made up for by the privacy and security it offers. Even though Tor is very secure, it is still not vulnerable.
Finally, Tor creates a very distinctive signature. Packets sent over the Tor network look very different from “normal” internet traffic. I believe this elevates your profile and makes you more “interesting” than non-Tor users. You should seriously consider using a obfs4 Tor bridge to hide your use of the Tor network from your ISP, and even from your VPN provider as well.
TOR VULNERABILITIES:
All the Tor servers used to re-route communications are hosted by volunteers. The host of the final server your communications are routed through can monitor any transmissions that exit Tor in plaintext though it would still theoretically be anonymous. This is why Tor places such emphasis on the HTTPS Everywhere add-on. When your traffic leaves the exit node it will still be encrypted with the TLS protocol if so supported by the website. This will prevent
your traffic from being monitored by a malicious exit node.
You should also be aware that Tor is extensively monitored by law enforcement and intelligence agencies (both domestic and foreign) that may, under some
circumstances, be able to observe your traffic. Tor is not a perfect solution and is vulnerable to some types of exploits. Your anonymity can be compromised on Tor
in any of several different ways. For example, if you make a purchase on Tor using your credit card or other financial information that is linked to your true identity your anonymity will be breached. Further, Tor may also raise your profile.
Likewise, if you log into an email, social media, ecommerce, or other site that is associated with your name, your true identity will be associated with that entire browsing session. Opening a downloaded document while still connected to the internet is one of the most prevalent ways in which anonymity of Tor is broken.
Further, if you make any modifications to your version of Tor Browser it may be fingerprinted. This fingerprint can track you around the internet and eventually
reveal your true identity. The default Tor Browser is designed to prevent browser fingerprinting. It discourages you from installing add-ons, and it makes all versions,
regardless of download location, exactly the same. It even warns you not to maximize the browser which can reveal your computer’s full screen size and resolution. Any modification can make your version of Tor Browser absolutely unique and make you trackable. There are many other ways that the veil of
anonymity Tor provides can be pierced. To be truly anonymous takes extraordinary effort.
Even if you are using Tor “perfectly” and adhere to all best practices, your anonymity may still be compromised by adversaries with worldwide reach (US Government for example). Such adversaries can correlate the time between a Tor
connection being established and the location from which it was established to determine a user’s true identity.
BROWSING PRIVACY BEST PRACTICES
DON’T STAY LOGGED IN: When you are logged into your email or social media account, these services monitor everything you do on the internet. Not only do
social media accounts log your “likes” and “tweets”, they also record other sites you go to, accounts that you create, things you purchase, videos you watch, songs you download, appointments you make online, and a wealth of other information. Many people like to remain logged into their Gmail or other accounts constantly because of the convenience it affords. This convenience can be compromising to privacy.
While it is much more work (privacy is neither easy nor convenient), I recommend the following. If you need to check your Gmail, Facebook, or other account that is
associated with your name, close your browser and clean it as described below. After you have done this, open your browser, log in, and conduct your business.
While you are logged in do not visit any other sites or log into any other accounts. When you have finished, log out of the site, close your browser, and clean your
system again.
CLOSE AND CLEAN: I strongly recommend closing your browser between sessions. It is especially important to close your browser after visiting a website to which
you have logged in, such as an email or social media account so that all browsing history and cookies are deleted. Simply logging out of the website will not delete
the cookies it placed on your computer, and the site will still be able to track your movements around the internet. Though this is not an absolute measure of
protection from tracking it does break your data down into smaller pieces. If you never clear your system you are creating a month or year long record of every website you have visited on the internet, and sharing it with hundreds of other parties.
I recommend also cleaning your system between sessions. I recommend using Bleachbit and CCleaner if you are running Windows. These programs will
thoroughly delete all browsing history including your internet cache, cookies, download history and location, session history, compact databases, and more..
BE CAREFUL WHAT WEBSITES YOU VISIT: The beauty of the internet is that it puts the world at your fingertips. Any interest you have can likely be explored and
expounded upon on the internet. Many of these sites do not have your best interest in mind and care little about your security or privacy. Websites are commonly used as attack vectors for malware, to track your browsing habits, or to get personal information from you. Thoughtfulness is required when browsing the internet. Pornography websites are notorious as being attack vectors for malware.
Clicking on the wrong link on a porn site can quickly lead to adware, nagware, ransomware, or worse. Porn websites are not alone in this. Be careful about the
websites you visit. Pause and ask yourself two questions when any site is full of pop-ups. Does clicking a link on the site cause a new, unrelated window to open?
Does the site cleverly conceal links that end up opening lots of new windows? If the answer to either of these questions is yes, the site is probably one you should avoid.
DO NOT CLICK ADS: Malvertising is an extremely sophisticated attack vector. This threat alone should be enough to dissuade you from clicking on online advertisements. If this isn’t enough to convince you, also consider the fact that even the most benign of these ads will still track your browsing session.
DO NOT IGNORE WARNINGS: If you visit a website and receive a warning from your browser, or from a browser extension like NoScript, it is probably a good idea
to skip that site.
DO NOT DOWNLOAD FROM UNTRUSTED SITES: Be very careful about the sites from which you download files and applications. Though torrent sites are fun and
many people use them to get free media, they are also rife with malware.
USE CARE WHEN DOWNLOADING APPLICATIONS: When downloading applications, you should always use extreme care. Applications can contain extensive malicious payload, and attention should be paid to the quality of the
download you are getting. If at all possible, attempt to download programs directly from their source, and check their signatures before running to ensure you are getting exactly what you want, and not some malicious file.
CONCLUSION :
Hope this guide will let you stay safe while using the Internet for normal and safety browsing. We shall cover in another chapter, How to setup your browser for carding.
STAY TUNE .....
GOOD LUCK!
