Page 1 of 1

TOR browser

Posted: Sun Jul 01, 2018 1:29 am
by jeffbert
This browser is supposed to add another layer of privacy to browsing. I looked at its page about its technique, how it adds to the https protection against hacking, etc., & thought it would be great, if it works. Anyone know anything about it?

Re: TOR browser

Posted: Sun Jul 01, 2018 7:42 am
by fafner
This browser is very powerful, but as with all security-oriented tools a small mistake can lead to the leak of information that can be used against the user. This applies mostly to people who are specifially watched, but it still can (less seriously) impact everyone such as you and me. For one thing, if you don't consistenly use the browser and switch from TOR to normal to access the same website, you may "telegraph" the website or anyone with strong listening powers (state-sponsored hackers for example) who you are, and make things more easy for them to identify other connections. So for example you need to access something very confidential (because for example your government doesn't want you to see it), and at the same time you want to read posts on this forum (not confidential). If you start using a TOR-enabled browser and use it to go here, you will tell any observer who you are (because there is no encryption and it is possible to see the username - but not the password but that's enough). If at the same time you access a "forbidden" website, a powerful enough observer can see both and know you are accessing that other website, although it may not know precisely what you are accessing if it is encrypted. Other actors such as advertisers (Google ads, I'm watching at you) can "see" you accessing both websites to, if they are using ads.

Re: TOR browser

Posted: Sun Jul 01, 2018 3:55 pm
by DrFrag
I tried it once years ago, curious about the dark net that was supposedly full of drug dealers, pedophiles and hitmen. All I found was seemingly paranoid schizophrenics who thought the government was reading their brain waves or whatever. It's probably good for people who actually live in dangerous countries with totalitarian governments, but I found it way too slow for general browsing.

Edward Snowden indicated https was sufficient as long as the end points aren't compromised. My understanding is it results in only the domain name being visible, and everything after the slash and anything downloaded is obscured. You could also get a logless VPN if you want more privacy. There's other things like NoScript but ultimately it depends on why you want privacy, because hiding from the NSA, hiding from criminal hackers, and hiding from Google are different things.

Re: TOR browser

Posted: Mon Jul 02, 2018 3:29 pm
by jeffbert
All I want is that when I buy something, my log-in password, & CC# are indeed secure. Currently, I always use chrome & a so-called "incognito window" along with https to avoid anything being written to the HDD. I got tired of constantly clicking "clear browsing data" to delete whatever.

:lol:

Re: TOR browser

Posted: Mon Jul 02, 2018 7:04 pm
by DrFrag
Most security compromises are either social engineering (bulk phishing emails) or hacks on the shop itself. You're not very likely to be targetted by an actual hacking attempt as an individual, but here are some precautions you can take:

1. Keep your OS and browser up to date. This keeps your system patched with security updates.
2. Use anti-virus software. Avast, BitDefender, Panda, AVG, MalwareBytes, etc. Common sense is not a substitute for an anti-virus - you're more likely to get a virus from a church web site than a porn web site.
3. Use HTTPS for shopping. Your browser will probably warn you if you're about to enter a password through a non-https connection.
4. Don't reuse passwords. If a password database gets compromised, it'll be added to the list used by hackers. Long passwords are better than complex ones. Keep them written down in a physical notebook.
5. Be wary of phishing emails. The main thing to check is the sender address. I got one recently from "brittanyjones911@yahoo.com" claiming I'd won the lottery. I'm pretty sure the lottery commission wouldn't use an email address like that. Don't reply to them or click on their links.
6. Use an ad blocker. A couple of years ago Forbes famously infected millions of users with malware-laden ads.
7. Decline to have your CC details saved by the site. If they save them they should be encrypted, but on the off chance they're not then it's better that they're not keeping a copy.
8. Never tell your passwords to anyone. Not to Microsoft, not to your IT support people, no one. Ever.
9. Ignore scam phone calls that claim to be from Microsoft or whoever claiming there's a problem with your Internet or CC accounts. If you're unsure, call them back through the official number in the phone book.

Incognito won't protect you as far as I know, but I still use it for general store browsing so I don't get constant recommendations for things I happened to look up once. I don't think you need to clear any browser data either. I'm pretty sure browser caches are encrypted these days.

Ultimately, your money is safe even if something gets hacked. There are procedures to contact your bank and have transactions halted or reversed if something fraudulent happens. Online shopping is really safe thanks to security experts around the world designing it that way. I can't think of anyone I know who's lost money from online shopping.

Re: TOR browser

Posted: Tue Jul 03, 2018 4:03 pm
by jeffbert
Thanks!