[ home / overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / music / 777 / posad / i / a / lgbt / R9K / dead ] [ meta ]

/leftypol/ - Leftist Politically Incorrect

"The anons of the past have only shitposted on the Internets about the world, in various ways. The point, however, is to change it."
Name
Email
Subject
Comment
Captcha
Tor Only
Flag
File
Embed
Password (For file deletion.)
Matrix   IRC Chat   Mumble
ReturnCatalogBottom

File: 1627490114789-0.png ( 62.47 KB , 1200x725 , 1200px-tor-logo-2011-flat.….png )

File: 1627490114789-1.png ( 909.59 KB , 1250x1000 , 529.png )

 No.407274[View All]

Hi /leftypol/
There's been talk recently about US intelligence agencies (CIA,FBI,NSA etc) spying and conducting astroturfing operations on various websites including Twitter, 4Chan, Reddit and obviously here /leftypol/.

I would like to remind everyone that you can use tor to browse this site (and other sites) anonymously, for newcomers it's very easy to use, just download it from here (https://www.torproject.org/) install it, open it and click connect.
There are mobile apps too:
Android:https://play.google.com/store/apps/details?id=org.torproject.torbrowser
IOS:https://apps.apple.com/mx/app/onion-browser/id519296448

After installing it use the Onion Link for leftypol.org:
http://wz6bnwwtwckltvkvji6vvgmjrfspr3lstz66rusvtczhsgvwdcixgbyd.onion

You don't even have to remember this address, you can configure tor to do the translation from regular sites (non-onion links) to onion links, so you only have to type "leftypol.org" and it will redirect you to the .onion link
>Open tor
>Hamburger Menu (Right Upper Corner)
>Options
>Privacy & Security
>Onion Services-> Always

You can use the site normally, post images and such.

Posting this here instead of /meta/ because almost no one reads /meta/, if mods want they can move the thread, but I think it should stay here at least for some hours.

STAY SAFE!
79 posts and 7 image replies omitted. Click reply to view.
>>

 No.408238

>>408211
And using whonix as a guest VM on windows 10 (already a NSA spying OS) is actually safe?
>>

 No.408254

>>408226
yeah madaidan is in the whonix and graphenos help chats. they shit on linux firefox extra hard, but they also have much higher standards than most people who aren't literally edward snowden need.
still, whonix just werqs ezpz so i use it
>>408238
in windows, yes using whonix is probably significantly more private than not using it, as everything in the whonix workstation is routed through tor, but idk really, I hardly use keylogger OS and I try to turn off internet if I do
whonix' documentation takes a steaming dump on windows
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Host_Operating_System_Selection
>>

 No.408259

>>408238
Define 'safe'.
All advice is pretty silly without knowing you threat model. Who are you trying to protect yourself from? Site admins? Google? Your mom? National signals agency passive surveillance? A targeted criminal attack? A bear?
>>

 No.408290

File: 1627526165638.png ( 253.65 KB , 800x450 , ClipboardImage.png )

>>407363
Lol that website glows so hard

Whats with all the
>You don't need opsec silly goose! That's just for neeeeerds! You are a manly man and stand behind your actions!
>Use a VPN instead tee hee!
that crawl out every time Tor is mentioned?

>>408215
Using extensions will make your browser fingerprint much more unique, that said, you can keep separate tor-browser installs and leave one default. Obviously, just like with the clearnet browser you never crosslink, use the same logins or do anything that would correlate between them.

The creature comforts install for everyday stuff and the default install you use to plot a US capitol raid or to write mean, literally violence ,democracy threatening tweets to AOC.
>>

 No.408305

>>408259
i think they meant private, which seems a lot less clear to me concerning models because it's passive. i think all you can do is choose privacy-respecting tools and services
>>408290
state department FUD to discourage usage of tor
>>

 No.408306

>>408290
>crosslink
Haven't heard of that one. What do you mean?
>>

 No.408322

>>408305
>which seems a lot less clear to me concerning models because it's passive
Private from Google? Private from your ISP and government passively tracking? These have different solutions. The smaller your threat model, the less sacrifices you'll have to consider making. It's not worth going full /tech/ if you're just wanting to stop creepy Facebook ads and corporate survveilance.
>>

 No.408337

>>408306
You follow a link that blocks you for your location.
Your IP is not allowed any more free content.
You copy the address and paste on your already open tor-browser session.
You'd like to quote something on your Tor session post but you got the relevant content in a clearnet bookmark/feed.
You open the clearnet bookmark and copy it to your tor-browser post.
You made this cool meme/infographic and shared it on one identity claiming authorship and now you go and post it on the other.
>>

 No.408347

>>408337
Is copying https links from Tor to a clearnet browser safe?
>>

 No.408349

>>408347
>Is copying https links from Tor to a clearnet browser safe?
It's just like viewing them in the normal browser to start with. What are you concerned about?
>>

 No.408353

>>408347
You'd want to examine the URL and make sure it doesn't have any tracking identifiers like fbcid or whatever twitter uses etc etc

If you know what you're doing and paste it into a text editor to examine and possibly fix it first then maybe but just cutting and pasting is probably unwise and there may be timing attacks and screen size detection attacks that are possible but I haven't thought that through just throwing it out there as a possibility
>>

 No.408361

>>408353
This is a good point. Take a look at the whole link, things you don't understand shouldn't be trusted, especially ones that look like it's information about you (language, browser) rather than the page contents. Stuff after a '?' are options, and are often optional.
>>

 No.408376

>>408322
maybe I am a bad user, but I don't actually know who would find my DNS leaked IP address, and I'm not sure that dealing with that would be any different based on who is looking. this seems different from a security threat model where you make essential assumptions about your attacker and their capabilities. so the privacy threat model flowchart for me is basically 1) can I stop using certain products (google, microsoft etc) 2.A) do I want to hide my IP address while browsing, and 2.B) do I care enough to set up whonix 3) can I do basic opsec. I wonder what could be added to these steps
>>408361
>>408353
seems like there should be offline link cleaners for this reason. like offline ClearURLs
>>

 No.408762

If I make multiple posts on leftypol in one browsing session, does that leak information that all those posts are by one person?
>>

 No.408767

>>408762
assuming that you are still using tor it would all appear as the dedicated tor IP. The only way people could peice together what posts were from the same poster is through things like writing style, images and the timing of your posts
>>

 No.408771

>>408767
>>408768
What about the leftypol admins? I'm not accusing this place of being a honeypot, but hypothetically if it is, can they piece together our posts?
>>

 No.408777

File: 1627545832736.jpg ( 93.55 KB , 499x500 , 1627435287551.jpg )

>>408771
Even if they could piece together posts it wouldn't be any more effective that being able to learn typing habits via just regular anons on here. The amount of data is immeasurable, tbh. Everyone looks the same over the tor node: Everyone has an ip address of 127.0.0.1.
>>

 No.408789

>>408777
>>408785
Does leftypol have cookies that track users, even over Tor?
>>

 No.408791

>>408777
>Everyone has an ip address of 127.0.0.1.
The leftypol mods assigned tor addresses as the localhost address?
>>

 No.408793

>>408789
Idk but tor browser deletes cookies when u end session, can also hit 'new identity'
>>

 No.408794

>>408771
>>408785
As far as I am aware, the only information visible to any leftypol staff of a given poster is their specific IP address. Posting habits is the only way we would know if you are using TOR, since it uses the same address.
>>408789
I will ask the admins but I don't think so.
>>

 No.408800

>>408791
No tor assigns tor addresses as the localhost IP.
>>

 No.408802

The only vunerability that exists with tor is a birds eye view of the whole internet which ISP's have, but, that still can't de anon actual users. Only servers which it doesn't matter for us because our server is also available over the clear net.
>>

 No.408804

>>407281
There are no good VPNs. Get a web server and forward all traffic you use over your server via ssh. Or, use lokinet.
>>

 No.408806

>>407303
Leftypol blocks exit nodes. You must connect over the tor node. This is for security as exit nodes are notoriously compromised.
>>

 No.408807

>>408800
? If you visit https://browserleaks.com/ip on tor you will find the IP address of your exit node
>>

 No.408809

File: 1627547563060.jpg ( 63.54 KB , 768x1024 , 1626808578111.jpg )

>>407363
This anon is a fucking idiot. Again, more retards who don't know the difference between exit nodes and onion nodes.

>2017 - A vunerability was found in an outdated issue of firefox which the tor browser is based off of which retards going to CP sites were using. That is how the first crack happened. Still not actually anything wrong with the tor network itself.

>Tor devs cooperate with the FBI

Bullshit, lies and slander.

>When you use tor your stand out.
Unless you use a bridge, or, a VPS.

>Anyone can operate tor nodes
Anyone can operate anything. Learn how to identify honey pots and avoid them.
Furthermore, this makes zero fucking sense because, again, all ip's are 127.0.0.1 over a tor node/onion link and all data has been encrypted to that point. So no, they can't just "collect your data from your ip address" Even over exit nodes they still need access to your host machine and the exit node you are traveling to to identify you.

>Mallicious tor nodes exist

Irrelevant for reasons stated above

>No warrant neccesary to spy on tor users.

Other than being an out right lie it still doesn't even matter because you can't see what is going on.

>Tor was created by the USG

Who gives a shit. The internet was created by the USG

>Tor is funded by the USG

Yeah cause it works. It's funded by many people.

>When you use tor you help the USG
False, when you use tor you help people like us.

>IP's leak over tor
False, not if you know what you are doing or are using the TOR browser.

>Using tor can make you a target

So can being a communist.

Kill yourself CIA uyghur
>>

 No.408810

>>407418
I mean, they are safe as long as you use full disk encryption.
>>

 No.408812

>>408807
leftypol doesn't use exit nodes. This is what I am talking about. None of you understand what you are talking about.

You literally cannot access the site over an exit node. Furthermore, do you mean it will expose your IP? Cause your exit nodes IP is not your real IP?
>>

 No.408826

I think mods should make this thread a sticky, very good info and security tips.
>>

 No.408828

>>408812
I am tired and I forgot we were talking about leftypol the onion address. Interesting that it shows up as localhost, according to the one post. Yes it never leaves tor network, neither visitor nor site know each other's IP, etc. I believe the site and visitor 'meet' at some random tor server and it makes sense that tor network wouldn't differentiate between these for users or admins.
>>

 No.408858

>>408810
That's a different area of security. Tor helps with the Internet side of things. If you want (or need) to prevent physical access then other measures must be taken like FDE. It all depends on your threat model. If you think glowies won't be bursting into your room but want to hide from Internet surveillance then FDE is not necessary - although it's still a good thing to do just to be future-proof, considering it has very low impact on usability anyway.
>>

 No.408867

>>408789
Just assume every site tracks you, don't rely on trust. Compartmentalize your browsing across different sessions. That's what Tor browser's "New Identity" (Ctrl+Shift+U) is for. Make frequent use of it!

To explain the principle of compartmentalization further: whenever you browse the Internet in one browsing session, consider that as one single identity. If you now want to do something that shouldn't be tied to this identity, then reset the browsing session via "New Identity" function.

For example, I never mix browsing leftypol and local sites from my own country in one browsing session. Same goes for my hobbies - one hobby per session, nothing else in that session. That way cross-site trackers can't form a holistic profile.
>>

 No.408925

File: 1627556619316.pdf ( 3.56 MB , 228x300 , Tor_and_the_Dark_Art_of_An….pdf )

Is this book a good manual or is it out of date? I read the first few chapters but I'm a lazy indecisive cunt so I didn't continue
>>

 No.408986

>>408925
Idk, I took a glance and it seems like he gives advice without explaining the reasoning behind it, he doesn't talk much about the technicalities either. It probably contains some good tips, but don't follow it blindly without knowing why you're doing something and what it actually does.

The proper foundation for mastering any tool is a technical understanding of how it works from inside out, and why it does so - this in turn requires also understanding the technical capabilities of your adversary from inside out. Most of what I learned about Tor and OPSEC comes from a kinda of deliberate exercise in paranoia, mentally larping as a high priority target to get an idea of how surveillance works technically and how Tor network + Tor browser attempt to defend against it. I also learned a lot from their bug tracker over the years and generally following their development, so I'm aware of many ways Tor browser in particular is still not perfect. Unfortunately there's no neat overview of the current state out there, but this is a good starting point:
https://2019.www.torproject.org/docs/documentation
Here is a list of current bug reports about fingerprint issues in Tor browser:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues?label_name%5B%5D=Fingerprinting


For general OPSEC there is a lot of good stuff out there, just search the web. I recommend reading Grugq's case studies of why people got caught and what they could've done to avoid it. Since Kim has been mentioned in this thread, here's Grugq's analysis of the case:
https://grugq.github.io/blog/2013/12/21/in-search-of-opsec-magic-sauce/
>>

 No.408997

>>407274
tor has been breached like 4 or 5 years ago
>>

 No.409027

>>408925
>>408986 (me)
Forgot to mention: there's a lot of good conference presentations on youtube. Studying gov/corporate surveillance and hacking has become a whole research field. Once an attack is out in the wild it is quickly analyzed and presented to the public. Which is why "0days" (vulnerabilities that nobody else discovered yet) are sold like gold to the highest bidder and usually become useless very quickly once they're deployed.

Tor project also has their own youtube channel where they present current development and future goals:
https://invidious.snopyta.org/channel/UCglZ5lXxOpxFF281h6WBj3g
>>

 No.409030

>>408997
Any claims not already addressed by >>407923 ?
>>

 No.409365

If I delete my google account,will all other accounts on other websites that are linked to be deleted alongside with it? Or do I have to manually delete everything individually?
>>

 No.409404

>>407274
>There's been talk recently about US intelligence agencies (CIA,FBI,NSA etc) spying and conducting astroturfing operations on various websites including Twitter, 4Chan, Reddit and obviously here /leftypol/.
There has been talk but has there been PROOF? What makes anyone think that leftypol is even remotely high profile enough for CIA or FBI? 8ch/pol went under the radar at least two murdering psychos posted their manifestos their IN ADVANCE and they were not stopped. Unless you want to argue that the Powers that Be (TM) were aware of this and chose not to act (no proof, again), you have to at least acknowledge that 8ch was a much larger site than leftypol is now
>>

 No.409410

>>409404
They do certainly conduct astroturfing operations here, the Cuba threads are proof of that.
>>

 No.409415

>>407298
Brave browser comes with inbuilt tor integration if you just want to click a button…god forbid you are using chrome.

>>407302
Also this comrade glowie. They have backdoors in everything. They've poured a ton of resources into cracking encryption networks, and many of these secure services are probably honypots to begin with.
>>

 No.409418

I do not run and hide like a coward. I stand and shitpost like a man. Let them snoop.
>>

 No.409429

>>409404
>There has been talk but has there been PROOF? What makes anyone think that leftypol is even remotely high profile enough for CIA or FBI? 8ch/pol went under the radar at least two murdering psychos posted their manifestos their IN ADVANCE and they were not stopped

It's a larp. Nobody commits any crimes on here, and our fabled revolution is roleplay fantasy. Feds primarily want to catch

1. High level drug dealers (so they can take their money and stuff)
2. CP traffickers (rightly so because it's gross)
3. Ebin haxxors (they can't because they're all in Russia and China)
4. Right wing retards/terrorists
5. Muslims (more out of fashion these days)
….
1000. /leftypol/ users

In that order
>>

 No.409437

>>409429
Ok fed.
>>

 No.409438

>>409429
Wrong I'm currently typing this message from a black site in Honolulu after our resident glowie got her hands on me.
>>

 No.409440

>>409404
>8ch/pol went under the radar
The FBI literally outted themselves as posting there
>>

 No.409453

>>409415
They've poured millions into cracking encryption

And they still can't do it. Just make sure you are using the most up today encryption algorithms.
>>

 No.409516

>>409453
Generally if they want to find a specific individual they can, probably because they made a mistake or doxxed themselves subtly and they used old fashioned detective work. Encrypting the data packets, proxying the network, etc, do not account for other types of fingerprinting . There are lots of different areas that need to be covered.

Tor isn't about just about encryption, it's about obscuring the destination of a network request by relaying it through a bunch of routers that reconstruct the data and forward it to another one without preserving a trace to the originating client.

Also the NSA hosts its own Tor Nodes, the entire concept of Tor relies on the assumption that the servers on the network can be trusted and what happens in it can't be tracked from outside networks past the exit nodes it hands the data off to at its endpoints. Tor is only secure for obscuring where the packet originated FROM its end destination. When tor nodes themselves have been compromised this is called a bad apple attack and it can get your IPs

Let it also be known that Onion routing was literally invented by military spooks to secure US Intelligence agencies network traffic in the 1990s.
Is this a cause of using the master's tools against them or are their known backdoors?

In theory all encryption is crackable unless it is irreversible one-way encryption. All useful encryption is designed to be decrypted at a secure destination but the very fact that it can be decrypted means that it can be cracked.
>>

 No.409522

>>409516
>obscuring the destination
obscuring the origin I meant

Unique IPs: 9
[Return][Catalog][Top][Home][Post a Reply]
Delete Post [ ]
[ home / overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / music / 777 / posad / i / a / lgbt / R9K / dead ] [ meta ]
ReturnCatalogTopBottomHome