Grey - Privacy/TOR/OPSEC

Privacy

Guides and Reference

• Hitch Hiker's Guide to Online Anonymity

• Infosec_Reference/AnonOpSecPrivacy

• personal-security-checklist

• https://prism-break.org/en/ - A handy way to opt out of global data collection schemes

• https://www.safetydetectives.com/best-vpns/ - The VPN breakdown

• Electronic Frontier Foundation. Keep the internet free.

• EFF's Survielance Self Defense guide

• CrashOverride's DIY Secuirty Guides

• Security-in-a-box Security Guides

• https://exposingtheinvisible.org/resources/watching-out-yourself/ - Personal security guide for investigators

• AmIunique - Learn how identifiable you are on the Internet

• Surveillance Self-Defense - Tips, Tools and How-tos for Safer Online Communications.

Altnets

• https://www.whonix.org/wiki/ZeroNet - Excellent guide on how to securely setup ZeroNet. Also provides a decent list of common ZeroNet sites.

• https://nodehist.fidonet.org.ua - A large list of FidoNet nodes. Searchable by node address or sysop name.

• https://nzbfriends.com/ - A search engine for Usenet.

Tools

• Awesome Lists Collection: Anti-Forensics

• Awesome Lists Collection: Anti-Censorship

• Identity Scrubbers

  • https://onerep.com/

• PrivacyTools - Encryption Against Global Mass Surveillance

• SnowHaze Browser - SnowHaze is a browser with your privacy and security in mind. SnowHaze is open source and offers you the most extensive tools on iOS to reclaim the control over your personal data and move freely on the internet.

• MySudo - Handy tool for creating entire personal profiles with numbers and emails you can use in place of your personal information.

• https://privacy.com/ - A wonderful platform for placing anonymous purchases. Allows you to create a digital preloaded credit card so your real number isnt stored by amazon or google.

• 7-Day Free Phone Number Trial - Get Temporary Phone Numbers | Burner

• Syncthing - Open Source, secure file synchronization program.

• Tails - Home - Portable linux distribution focused on extreme privacy and security.

• Anonymouse.org - Proxied "anonymous" web searching tool.

• Privoxy - Home Page - Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk.

• Kali Anonsurf - ParrotSec's anonsurf and stealth, ported to work with Kali Linux.

  • ParrotSec/anonsurf - Anonsurf routes all your traffic through Tor, and it also lets you start i2p services and clear any traces left on the user disk. Anonsurf also kills away all dangerous applications by virtue of the Pandora bomb, so you do not need to worry about having a Tor browser and other scripts running to hide your system.

• cryptsetup-nuke-password - Installing this package lets you configure a special “nuke password” that can be used to destroy the encryption keys required to unlock the encrypted partitions. This password can be entered in the usual early-boot prompt asking the passphrase to unlock the encrypted partition(s).

• How to set up ProxyChains - Stay Anonymous

• How to set up ProxyChains - Change IP

• Changing/Masking your DNS Traffic

• VPN + ProxyChains = Maximum Anonymity

Privacy Comms

• TorChat - Decentralized anaonymous IM that uses Tor networks. Creates a new randomly generated .onion address for each client launch

  • http://kpvz7ki2v5agwt35.onion/wiki/index.php/Hacking_TorChat

• https://matrix.org/ - An open network for secure, decentralized, real-time communication.

• https://wire.com/en/ - Secure messaging, file sharing, voice calls and video conferences. All protected with end-to-end

• https://www.signal.org/ - an encrypted communications app.

Secure Webmail Providers

• CounterMail - online email service, designed to provide maximum security and privacy.

• Mail2Tor - is a Tor Hidden Service that allows anyone to send and receive emails anonymously.

• Tutanota - is the world's most secure email service and amazingly easy to use.

• Protonmail - is the world's largest secure email service, developed by CERN and MIT scientists.

• Startmail - private & encrypted email made easy.

Browser Privacy/Check yourself

• https://coveryourtracks.eff.org/ - EFF sponsored Browser tracking checker

• Panopticlick 3.0 - is your browser safe against tracking?

• Privacy Analyzer - see what data is exposed from your browser.

• Browser Mirror - See what your browser says about you

• Webkay - A demonstration of all the data your browser knows about you. All this data can be accessed by any website without asking you.

• Logger - IntelTechniques custom tool for seeing what data can be tracked in your browser.

• https://tenta.com/test/ - Site for checking DNS Leakage and other browser security issues.

• https://www.grc.com/shieldsup - Great tool for profiling your internet connection and router for exposure, potential vulnerabilities, and open ports.

• https://ipleak.net - See what information you are giving away while browsing the internet. IP addresses, DNS leaks, WebRTC leaks, fingerprints and user-agent.

• https://browserleaks.com - Here you will find a gallery of security testing tools that will show you what kind of personal data can be leaked, and how to protect yourself from it.

• https://shutuptrackers.com/browser/tweaks.php - Firefox Privacy Settings

• What every Browser knows about you — This site not only shows what information your browser provides to third-party sites, but also explains how it can be dangerous and suggests what extensions will help to ensure your anonymity.

• https://socradar.io/labs/vpnradar/ - VPN privacy checker

Personal Network Security

TOR

TOR Tools

• Awesome Lists Collection: TOR

• https://geti2p.net/en/ - Kinda like TOR?

• nipe - Tool to make TOR your default gateway

  • Hackersploit nipe guide

• onionscan.org - OnionScan is a free and open source tool for investigating the Dark Web.

• dos-over-tor

• Kalitorify - Transparent proxy through Tor for Kali Linux OS

• vanguards - Onion services defense tools

• OnionBalence - Onionbalance is the best way to load balance onion services across multiple backend Tor instances.

• multitor - Create multiple TOR instances with a load-balancing

• CrowdStrike/Tortilla - Route all network through Tor.

  • Hackersploit's guide to Tortilla

• https://iaca-darkweb-tools.com - A collection of darkweb search tools. Allows you to query .onion search engines, marketplaces and social media sites. -

• https://torrouters.com/ - THOR is a hardware version of the Tor (The Onion Router) bundle, which provides you with anonymity and privacy you need to bypass any ISP restrictions and enhance your privacy online.

Tor Bridges - alternative entry points for Tor that are not listed

• https://tails.boum.org/doc/first_steps/startup_options/bridge_mode/index.en.html

• https://bridges.torproject.org/bridges

• Some networks may block port TCP 9050 or even dynamically blacklist all Tor nodes in an attempt to prevent thier users from accessing the Tor network and get around access control

• This can be over come by useing Tor bridges.

• This can be configured to use by adding the bridge information to the torrc file like below

  • #Bridge fte 128.105.214.163:8080 [hash]

• Obfuscated bridges - bridges that use special plug-ins called pluggable transports which obfuscate the traffic flow of Tor making its detection harder

  • https://www.torproject.org/docs/bridges#PluggableTransports

  • Get these by requesting one by using a gmail/yahoo account and email bridges@bridges.torproject.org and enter “transport obfs3”

  • Tor Pluggable Transports Tor Browser Bundle

Interesting Tor pages

• Hidden Wiki - A large and neatly organized directory of .onion sites.

  • Darknet Version

• https://hidden-services.today - Place with fresh links to TOR services hidden that is free of spam and scam sites. Only trusted and safe links are provided.

• https://www.hunch.ly/darkweb-osint/ - Identify new hidden services, or find investigation targets that you might not have otherwise known about. It is 100% free and every day you will receive a link to a spreadsheet you can download or view online. Requires you to provide an email address to join their mailing list.

• TOR66 - An onion site that lists newly discovered onion sites that have been submitted from a variety of different clearnet platforms.

• H-Indexer - Another onion site that offers a list of fresh onions. Beware, results are often uncensored, so you may encounter illegal material.

• https://osint.party/api/rss/fresh - An amazing RSS feed of fresh and newly discovered .onion sites. Be careful, this feed remains uncensored, so you may encounter illegal content.

• https://www.bigdatacloud.com/insights/tor-exit-nodes

• Dread - Reddit of the darkweb

  • https://cafedread.com - A read-only archive of the Dread forum. Read the latest posts and comments. Also supports reading via Atom feeds.

• http://hacktownpagdenbb.onion/HackTown.html - One of my favorite sites on learning the operations of a black hat.

• https://metrics.torproject.org/exonerator.html - Enter an IP address and date to find out whether that address was used as a Tor relay.

Check yourself

• https://www.dnsleaktest.com/results.html - Check for DNS leaks in your TOR connection

• https://check.torproject.org/ - Are you connected to TOR? Are you sure?

Misc Reference

• Darknet Markey Buyers Guide - The buyer’s DNM bible aims to be a complete guide that covers all steps that users have to take in order to buy securely from darknet markets. It orientates itself on OPSEC best practices and, if exactly followed, will greatly minimize the risk of you getting caught.

  • https://archive.org/details/darknet-market-buyers-bible

• https://tryhackme.com/room/torforbeginners

OPSEC

• https://www.intelligencewithsteve.com/post/a-5-minute-guide-to-creating-a-covert-account-for-internet-investigations-osint

Good habits

• Your "work" computer should never ever have anything personally related to your real identity. Ever! • Your host machine should have Anti-Virus or Windows Defender enabled. • Your host machine should always be kept up to date with current updates. • Your host machine should have full HD encryption. • Your host machine should have opensnitch, Glasswire, or Littlesnitch installed. • Your host machine should have booting from USB disabled in the BIOS settings (see how to get into your BIOS and disable it). • Your host machine should have a VPN running on it. • Everything should be saved to the USB and never the HD. • A password manager should be used for storing your passwords. • VM should be saved onto on a USB/Micro SD and encrypted. • Whonix should be used to conduct all your Darkweb activities. • Spoof your MAC and Computer Name every time on start-up and shutdown. • Use CCleaner, bleachbit, or similar programs on your host machine before each shutdown. • Be conscious of other devices you may have on your person that are giving away your location (cell phones are not your friends). • PGP encryption for secure emailing • Only wired keyboards and mice • Read http://grugq.github.io/

Command line history

• Disable PS logging

  • https://github.com/leechristensen/Random/blob/master/CSharp/DisablePSLogging.cs

• .i. Leave Bash without history:

  Tell Bash to use /dev/null instead of ~/.bash_history. This is the first command we execute on every shell. It will stop the Bash from logging your commands.

  export HISTFILE=/dev/null

  It is good housekeeping to 'commit suicide' when exiting a shell:

  alias exit='kill -9 $$'

  Any command starting with a " " (space) will not get logged to history either.

  $  id

  1.ii. Hide your command

  /bin/bash -c "exec -a syslogd nmap -T0 10.0.2.1/24"
  # or starting as a background process:
  exec -a syslogd nmap -T0 10.0.2.1/24 &>nmap.log &

  Alternatively if there is no Bash:

  cp `which nmap` syslogd
  PATH=.:$PATH syslogd -T0 10.0.2.1/24

  In this example we execute nmap but let it appear with the name syslogd in ps alxwww process list.

  1.iii. Hide your arguments

  Download zap-args.c. This example will execute nmap but will make it appear as 'syslogd' without any arguments in the ps alxww output.

  gcc -Wall -O2 -fpic -shared -o zap-args.so zap-args.c -ldl
  LD_PRELOAD=./zap-args.so exec -a syslogd nmap -T0 10.0.0.1/24

Web Opsec

• Disable Javascript

• Set security to safest setting

• Use Cached version of website when on network instead of net requests.

  • cache.example.co.uk

• Use a search engine that does not track its users

  • https://www.duckduckgo.com

  • http://3g2upl4pq6kufc4m.onion/

• Tracking cookies

  • NSA uses things like Google Ads and other tracking cookies to identify users over TOR

  • http://www.washingtonpost.com/blogs//theswitch/wp/2013/12/10/nsausesgooglecookiestopinpointtargetsforhacking/

  • TOR browser and Tails delete cookies on exit

  • Regularly restart tor browser to keep deletings your cookies

  • Disable DOM storage pseudocookies

    • via about:config in URL bar

    • type “storage” in filter bar

    • set dom.storage.enabled to false

• Website settings

  • Disable “Show others my online status”

• Doublecheck

  • Display all the information your browser is currently showing about you

    • Use the above Browser

File management

• File verification

  • http://www.gpg4win.org/ - Verifes files via PGP signature

  • MD5 and Sha-1 hash verification

• File shredding ◇ http://www.dban.org ◇ http://www.fileshredder.org ◇ http://www.piriform.com/ccleaner

• Shred & Erase a file

  shred -z foobar.txt

• Shred & Erase without shred

  FN=foobar.txt; dd bs=1k count="`du -sk \"${FN}\" | cut -f1`" if=/dev/urandom >"${FN}"; rm -f "${FN}"

  Note: Or deploy your files in /dev/shm directory so that no data is written to the harddrive. Data will be deleted on reboot.

  Note: Or delete the file and then fill the entire harddrive with /dev/urandom and then rm -rf the dump file.

• Restore the date of a file

  Let's say you have modified /etc/passwd but the file date now shows that /etc/passwd has been modifed. Use touch to change the file data to the date of another file (in this example, /etc/shadow)

  touch -r /etc/shadow /etc/passwd

• Clear logfile

  This will reset the logfile to 0 without having to restart syslogd etc:

  cat /dev/null >/var/log/auth.log

  This will remove any sign of us from the log file:

  cd /dev/shm
  grep -v 'thc\.org' /var/log/auth.log >a.log; cat a.log >/var/log/auth.log; rm -f a.log

• Hide files from that User without root privileges

  Our favorite working directory is /dev/shm/. This location is volatile memory and will be lost on reboot. NO LOGZ == NO CRIME.

  Hiding permanent files:

  Method 1:

  alias ls='ls -I system-dev'

  This will hide the directory system-dev from the ls command. Place in User's ~/.profile or system wide /etc/profile.

  Method 2: Tricks from the 80s. Consider any directory that the admin rarely looks into (like /boot/.X11/.. or so):

  mkdir '...'
  cd '...'

  Method 3: Unix allows filenames with about any ASCII character but 0x00. Try tab (). Happens that most Admins do not know how to cd into any such directory.

  mkdir $'\t'
  cd $'\t'

• Encrypting a file

  Encrypt your 0-Days and log files before transfering them - please. (and pick your own password):

  Encrypt:

  openssl enc -aes-256-cbc -pbkdf2 -k fOUGsg1BJdXPt0CY4I <input.txt >input.txt.enc

  Decrypt:

  openssl enc -d -aes-256-cbc -pbkdf2 -k fOUGsg1BJdXPt0CY4I <input.txt.enc >input.txt

Email Opsec

• Always use tor to create emails and to check that email. • Never use your home wifi • If email registration requires a phone number, use a burner phone that can recieve texts. • Wait at least 1 month before using the phone, and purchase far away from your home. • Use email providers that operate on Tor and use PGP when dealing with clients ◇ http://secmailw453j7piv.onion ◇ http://eludemaillhqfkh5.onion ◇ http://mail2tor2zyjdctd.onion ◇ http://cockmailwwfvrtqj.onion

PGP Encryption

• Nulltrace - An onion site that offers an easy to use PGP toolkit. Allows a user to create PGP keypairs, sign, verify, encrypt and decrypt.

pagePGP Guide

Dread OPSEC Guide

Security Settings: Click on the shield icon at the top of the Tor browser and click "Advanced Security Settings" and set the value to "Safest". Note For Tails Users: Tails will reset this value on system restarts, so make sure you do this everytime you launch Tor on Tails!

Privacy Checking: To check that your I.P. address is a Tor exit node, and that your security settings are correct, go to https://whatsmybrowser.org/ and ensure the following:

-Javascript is disabled! -No browser details can be detected!

Plugins: Additional addons/plugins should not be installed. Plugins not supported by the TorProject run the risk of bypassing the Tor network and accessing the net directly, which runs the risk of leaking your real I.P. address. It should be a clear indication to anyone why this is an issue, but people sometimes disregard this risk and lose a large part of their OpSec over this mistake.

Tails: Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity and helps you to: use the internet anonymously and circumvent censorship; route all connections to the internet through the Tor network; leave no trace on the computer you are using unless you explicitly ask it to; encrypts your files, emails, and instant messaging using state-of-the-art cryptography.

Official Site: https://tails.boum.org/ Tails For The Darknet Markets: http://archivecaslytosk.onion/fyYz5

Whonix: An alternative to Tails and also an open source project. Whonix is an operating system focused on anonymity, privacy, and security. It's based on the Tor anonymity network, Debian GNU/Linux, and security by isolation. DNS leaks are impossible and not even malware with root privileges can find out the user's real I.P. address.

Official Site: https://www.whonix.org/ Whonix For The Darknet Markets: http://archivecaslytosk.onion/COfTH

Shredding History / Footprints: This section only applies to users who use the Tor browser while not using Tails or Whonix.

The recommended tool for cleaning footprints, history, cache, etc. from your drive(s) is using a program known as CCleaner. When using the program it is recommended to go to 'Options' > 'Settings' and then selecting "Complex Overwrite" (7 passes) and "Secure File Deletion". Make sure all the boxes are ticked when cleaning including the 'Windows' and 'Application' tabs.

This is normally recommended before the connection to Tor, and after you've left Tor, to wipe all cookies etc. Remember that although this may clear a good deal of the tracks left behind on your PC, wiping your drive(s) with random data and zeros from a live operating system is the only way to permanently clean your tracks. It is also good to note that there is no reliable way to wipe solid state drives so using hard drives is the preferred hardware.

Cookies - How The NSA Is Using Them To Track Tor Users: Let's suppose that there is an online shopping website, owned, or controlled by the NSA. When a normal user will open that website from his/her real I.P. address, the website creates a cookie on the user's browser and stores the real I.P. address and other personal information about the user. When the same user will again visit the same NSA owned website, enabling Tor this time on the same browser - the website will read the last stored cookies from the browser, which includes the user's real I.P. address, and other personal Information. Furthermore, the website just needs to maintain a database of real I.P. addresses against the Tor Proxy enabled fake I.P. addresses to track anonymous users. The more popular the site is, the more users can be tracked easily. Documents show that the NSA is using online advertisements, i.e. Google Ads to make their tracking sites popular on the internet.

How You Can Avoid Cookie Tracking? By using the Tor browser exclusively for darknet activities. Browsers can't read cookies created by other browsers so using your standard browser for clearnet use can save you from this issue. However, you should always clear the cookies (with CCleaner or alike) after you’re done so any stored information, such as login information will not be stored on the computer's drive. If you're doing something very interesting, you should use Tor on an amnesic operating system, such as Tails, so that any data is dumped when the machine is closed.

Closing: Hopefully you found this Tor Browser Security Guide a helpful source of information on the various steps needed to maintain your security and privacy. Don't take your freedom, nor your livelihood, for granted. You never know what could happen so never let the odds be stacked against you!