Grey - Privacy/TOR/OPSEC

  • CounterMail - online email service, designed to provide maximum security and privacy.
  • Mail2Tor - a Tor hidden service that allows anyone to send and receive emails anonymously.
  • Tutanota - the world's most secure email service and amazingly easy to use.
  • Protonmail - the world's largest secure email service, developed by CERN and MIT scientists.
  • Startmail - private & encrypted email made easy.

  • https://coveryourtracks.eff.org/ - EFF sponsored browser tracking checker
  • Panopticlick 3.0 - is your browser safe against tracking?
  • Privacy Analyzer - see what data is exposed from your browser.
  • Browser Mirror - see what your browser says about you
  • Webkay - a demonstration of all the data your browser knows about you. All this data can be accessed by any website without asking you.
  • Logger - IntelTechniques custom tool for seeing what data can be tracked in your browser.
  • https://tenta.com/test/ - site for checking DNS leakage and other browser security issues.
  • https://www.grc.com/shieldsup - great tool for profiling your internet connection and router for exposure, potential vulnerabilities, and open ports.
  • https://ipleak.net - see what information you are giving away while browsing the internet: IP addresses, DNS leaks, WebRTC leaks, fingerprints and user-agent.
  • https://browserleaks.com - here you will find a gallery of security testing tools that will show you what kind of personal data can be leaked, and how to protect yourself from it.
  • https://shutuptrackers.com/browser/tweaks.php - Firefox privacy settings
  • What every Browser knows about you - this site not only shows what information your browser provides to third-party sites, but also explains how it can be dangerous and suggests what extensions will help to ensure your anonymity.
  • https://socradar.io/labs/vpnradar/ - VPN privacy checker

  • Hidden Wiki - a large and neatly organized directory of .onion sites.
  • https://hidden-services.today - place with fresh links to Tor hidden services that is free of spam and scam sites. Only trusted and safe links are provided.
  • https://www.hunch.ly/darkweb-osint/ - identify new hidden services, or find investigation targets that you might not have otherwise known about. It is 100% free and every day you will receive a link to a spreadsheet you can download or view online. Requires you to provide an email address to join their mailing list.
  • TOR66 - an onion site that lists newly discovered onion sites that have been submitted from a variety of different clearnet platforms.
  • H-Indexer - another onion site that offers a list of fresh onions. Beware, results are often uncensored, so you may encounter illegal material.
  • https://osint.party/api/rss/fresh - an amazing RSS feed of fresh and newly discovered .onion sites. Be careful, this feed remains uncensored, so you may encounter illegal content.
  • Dread - Reddit of the darkweb
    • https://cafedread.com - a read-only archive of the Dread forum. Read the latest posts and comments. Also supports reading via Atom feeds.
  • http://hacktownpagdenbb.onion/HackTown.html - one of my favorite sites on learning the operations of a black hat.
  • https://metrics.torproject.org/exonerator.html - enter an IP address and date to find out whether that address was used as a Tor relay.

  • Your "work" computer should never ever have anything personally related to your real identity. Ever!
  • Your host machine should have Anti-Virus or Windows Defender enabled.
  • Your host machine should always be kept up to date with current updates.
  • Your host machine should have full HD encryption.
  • Your host machine should have opensnitch, Glasswire, or Littlesnitch installed.
  • Your host machine should have booting from USB disabled in the BIOS settings (see how to get into your BIOS and disable it).
  • Your host machine should have a VPN running on it.
  • Everything should be saved to the USB and never the HD.
  • A password manager should be used for storing your passwords.
  • VM should be saved onto a USB/Micro SD and encrypted.
  • Whonix should be used to conduct all your Darkweb activities.
  • Spoof your MAC and Computer Name every time on start-up and shutdown.
  • Use CCleaner, bleachbit, or similar programs on your host machine before each shutdown.
  • Be conscious of other devices you may have on your person that are giving away your location (cell phones are not your friends).
  • PGP encryption for secure emailing
  • Only wired keyboards and mice
  • Read http://grugq.github.io/

  • 1.i. Leave Bash without history:
    Tell Bash to use /dev/null instead of ~/.bash_history. This is the first command we execute on every shell. It stops Bash from logging your commands.
    export HISTFILE=/dev/null
    It is good housekeeping to 'commit suicide' when exiting a shell, i.e. kill the shell's own process ($$) so nothing is flushed to disk on exit:
    alias exit='kill -9 $$'
    Any command starting with a " " (space) will not get logged to history either, provided HISTCONTROL is set to ignorespace or ignoreboth (the default on many distributions). Note the leading space before id:
    $  id
    1.ii. Hide your command
    /bin/bash -c "exec -a syslogd nmap -T0 10.0.2.1/24"
    # or starting as a background process:
    exec -a syslogd nmap -T0 10.0.2.1/24 &>nmap.log &
    Alternatively, if there is no Bash:
    cp `which nmap` syslogd
    PATH=.:$PATH syslogd -T0 10.0.2.1/24
    In this example we execute nmap but let it appear with the name syslogd in the ps alxww process list.
    1.iii. Hide your arguments
    Download zap-args.c. This example will execute nmap but will make it appear as 'syslogd' without any arguments in the ps alxww output.
    gcc -Wall -O2 -fpic -shared -o zap-args.so zap-args.c -ldl
    LD_PRELOAD=./zap-args.so exec -a syslogd nmap -T0 10.0.0.1/24
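The renaming tricks above only change what ps prints; the kernel still knows which binary is running. The following is an added example, not part of the original guide or of the THC tips it draws on, showing the audit check a host owner can run to spot them: it compares argv[0] from /proc/<pid>/cmdline with the real executable behind /proc/<pid>/exe and with /proc/<pid>/comm, flags binaries running from volatile or user-writable locations such as /dev/shm (the copied-binary variant leaves argv[0] and comm consistent, so the location is the only remaining tell), and reports LD_PRELOAD in the process environment. The trusted-directory list and the sample process records are assumptions constructed for the demonstration.

```python
import os
from dataclasses import dataclass, field

# Where a production daemon's binary normally lives. Anything else (home dirs,
# /tmp, /dev/shm) deserves a look. Assumed allow-list for this example.
TRUSTED_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/lib/",
                    "/usr/libexec/", "/usr/local/bin/", "/usr/local/sbin/")


@dataclass
class ProcInfo:
    pid: int
    exe: str                                     # readlink of /proc/<pid>/exe: the real binary
    comm: str                                    # /proc/<pid>/comm: name taken from the execve path
    cmdline: list = field(default_factory=list)  # argv as split from /proc/<pid>/cmdline
    environ: dict = field(default_factory=dict)  # /proc/<pid>/environ as a dict


def findings(p: ProcInfo) -> list:
    """Return the indicators for one process; an empty list means nothing odd."""
    out = []
    real = os.path.basename(p.exe.replace(" (deleted)", ""))
    shown = os.path.basename(p.cmdline[0]) if p.cmdline else ""
    if p.exe.endswith(" (deleted)"):
        out.append("binary unlinked while running")
    if shown and shown != real:                       # exec -a style argv[0] change
        out.append(f"argv[0] '{shown}' != exe '{real}'")
    if p.comm and p.comm != real[:15]:                # comm is capped at 15 chars; prctl(PR_SET_NAME)
        out.append(f"comm '{p.comm}' != exe '{real}'")
    if not p.exe.startswith(TRUSTED_BIN_DIRS):        # copied/renamed binary run from elsewhere
        out.append(f"exe outside trusted dirs: {p.exe}")
    if "LD_PRELOAD" in p.environ:                     # zap-args.so style argument wiping
        out.append(f"LD_PRELOAD={p.environ['LD_PRELOAD']}")
    if not p.cmdline:                                 # argv zeroed on a user process
        out.append("empty cmdline on a live process")
    return out


def read_proc(pid: int) -> ProcInfo:
    """Collect the fields from a live /proc; other users' processes need root."""
    base = f"/proc/{pid}"
    with open(f"{base}/cmdline", "rb") as f:
        argv = [a.decode(errors="replace") for a in f.read().split(b"\0") if a]
    env = {}
    try:
        with open(f"{base}/environ", "rb") as f:
            for kv in f.read().split(b"\0"):
                if b"=" in kv:
                    k, v = kv.split(b"=", 1)
                    env[k.decode(errors="replace")] = v.decode(errors="replace")
    except PermissionError:
        pass
    with open(f"{base}/comm") as f:
        comm = f.read().strip()
    return ProcInfo(pid, os.readlink(f"{base}/exe"), comm, argv, env)


def scan_all():
    """Walk /proc and yield (pid, findings) for every process that has any."""
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            info = read_proc(int(name))
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue  # kernel threads, vanished or unreadable processes
        hits = findings(info)
        if hits:
            yield info.pid, hits


# Constructed sample records mirroring the three tricks described above (not live data).
SAMPLES = [
    ProcInfo(4242, "/usr/bin/nmap", "nmap", ["syslogd", "-T0", "10.0.2.1/24"]),
    ProcInfo(4243, "/dev/shm/syslogd", "syslogd", ["syslogd", "-T0", "10.0.2.1/24"]),
    ProcInfo(4244, "/usr/bin/nmap", "nmap", ["syslogd"], {"LD_PRELOAD": "./zap-args.so"}),
    ProcInfo(1234, "/usr/sbin/rsyslogd", "rsyslogd", ["/usr/sbin/rsyslogd", "-n"]),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.pid, findings(p) or "clean")
    for pid, hits in scan_all():  # live scan of this host
        print(pid, hits)
```

Run as root on the host being checked; a process that hides its name from ps cannot hide the inode behind /proc/<pid>/exe, so the exe link is the field to trust over comm and cmdline, both of which the process itself controls.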

  • Disable Javascript
  • Set security to the safest setting
  • Use a cached copy of a website, when one is available on the network, instead of making live requests.
    • cache.example.co.uk
  • Use a search engine that does not track its users
  • Tracking cookies
  • Website settings
    • Disable "Show others my online status"
  • Doublecheck
    • Display all the information your browser is currently showing about you
      • Use the browser checkers listed above

  • File verification
  • Shred & Erase a file
    shred -z foobar.txt
  • Shred & Erase without shred
    FN=foobar.txt; dd bs=1k count="`du -sk \"${FN}\" | cut -f1`" if=/dev/urandom >"${FN}"; rm -f "${FN}"
    Note: Or deploy your files in /dev/shm directory so that no data is written to the harddrive. Data will be deleted on reboot.
    Note: Or delete the file and then fill the entire harddrive with /dev/urandom and then rm -rf the dump file.
  • Restore the date of a file
    Let's say you have modified /etc/passwd but the file date now shows that /etc/passwd has been modified. Use touch to change the file date to the date of another file (in this example, /etc/shadow):
    touch -r /etc/shadow /etc/passwd
  • Clear logfile
    This will reset the logfile to 0 without having to restart syslogd etc:
    cat /dev/null >/var/log/auth.log
    This will remove any sign of us from the log file:
    cd /dev/shm
    grep -v 'thc\.org' /var/log/auth.log >a.log; cat a.log >/var/log/auth.log; rm -f a.log
  • Hide files from the user without root privileges
    Our favorite working directory is /dev/shm/. This location is volatile memory and will be lost on reboot. NO LOGZ == NO CRIME.
    Hiding permanent files:
    Method 1:
    alias ls='ls -I system-dev'
    This will hide the directory system-dev from the ls command. Place it in the user's ~/.profile or system wide in /etc/profile.
    Method 2: Tricks from the 80s. Consider any directory that the admin rarely looks into (like /boot/.X11/.. or so):
    mkdir '...'
    cd '...'
    Method 3: Unix allows filenames with about any ASCII character but 0x00. Try a tab character. It happens that most admins do not know how to cd into such a directory.
    mkdir $'\t'
    cd $'\t'
  • Encrypting a file
    Encrypt your 0-Days and log files before transferring them - please. (And pick your own password.)
    Encrypt:
    openssl enc -aes-256-cbc -pbkdf2 -k fOUGsg1BJdXPt0CY4I <input.txt >input.txt.enc
    Decrypt:
    openssl enc -d -aes-256-cbc -pbkdf2 -k fOUGsg1BJdXPt0CY4I <input.txt.enc >input.txt
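The openssl commands above derive the AES key and IV from the password, and the -pbkdf2 flag decides how. As an added example (not from the original guide), the following reproduces both derivations with the Python standard library so the difference is visible: without -pbkdf2, openssl enc falls back to the legacy EVP_BytesToKey scheme (a single pass of chained MD5), whereas -pbkdf2 runs PBKDF2-HMAC-SHA256 for 10000 iterations by default; in both cases key and IV are derived together from the 8-byte salt stored after the Salted__ header of the output file. The sample salt and the placeholder container are constructed for the demonstration; the AES encryption itself is left to openssl.

```python
import hashlib

MAGIC = b"Salted__"          # 8-byte marker that starts every salted `openssl enc` output
SALT_LEN = 8
KEY_LEN, IV_LEN = 32, 16     # aes-256-cbc: 256-bit key, 128-bit IV
DEFAULT_ITER = 10000         # openssl enc default for -pbkdf2 (change with -iter)


def legacy_bytes_to_key(password: bytes, salt: bytes,
                        key_len: int = KEY_LEN, iv_len: int = IV_LEN):
    """EVP_BytesToKey(MD5, 1 iteration): what `openssl enc` uses WITHOUT -pbkdf2.

    D_1 = MD5(password || salt), D_i = MD5(D_{i-1} || password || salt);
    the concatenation D_1 || D_2 || ... is cut into the key, then the IV.
    One MD5 per 16 output bytes is all a password guess costs here.
    """
    out, prev = b"", b""
    while len(out) < key_len + iv_len:
        prev = hashlib.md5(prev + password + salt).digest()
        out += prev
    return out[:key_len], out[key_len:key_len + iv_len]


def pbkdf2_key_iv(password: bytes, salt: bytes, iterations: int = DEFAULT_ITER,
                  key_len: int = KEY_LEN, iv_len: int = IV_LEN):
    """What -pbkdf2 does: one PBKDF2-HMAC-SHA256 call for key_len + iv_len bytes,
    then split. Every password guess now costs `iterations` HMAC rounds."""
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, key_len + iv_len)
    return dk[:key_len], dk[key_len:key_len + iv_len]


def split_salted(blob: bytes):
    """Parse the container `openssl enc` writes: 'Salted__' + 8-byte salt + ciphertext."""
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + SALT_LEN:
        raise ValueError("not a salted openssl enc container")
    return blob[len(MAGIC):len(MAGIC) + SALT_LEN], blob[len(MAGIC) + SALT_LEN:]


def derive_for_container(password: bytes, blob: bytes, pbkdf2: bool = True,
                         iterations: int = DEFAULT_ITER):
    """Recover (key, iv) for a container the way `openssl enc -d` would, given
    whether it was written with -pbkdf2 (and which -iter count) or not."""
    salt, _ = split_salted(blob)
    if pbkdf2:
        return pbkdf2_key_iv(password, salt, iterations)
    return legacy_bytes_to_key(password, salt)


# Constructed sample values (not a real key or file): the guide's example password,
# an arbitrary salt, and a container whose ciphertext is a zero placeholder.
SAMPLE_PASSWORD = b"fOUGsg1BJdXPt0CY4I"
SAMPLE_SALT = bytes(range(1, 9))
SAMPLE_BLOB = MAGIC + SAMPLE_SALT + b"\x00" * 32

if __name__ == "__main__":
    k1, iv1 = legacy_bytes_to_key(SAMPLE_PASSWORD, SAMPLE_SALT)
    k2, iv2 = pbkdf2_key_iv(SAMPLE_PASSWORD, SAMPLE_SALT)
    print("legacy  key", k1.hex(), "iv", iv1.hex())
    print("pbkdf2  key", k2.hex(), "iv", iv2.hex())
```

Two practical points the command lines above do not show: -k places the password in the process list (and, HISTFILE tricks aside, in the shell history), so prefer -pass file:<path> or -pass env:<VAR>; and -iter <n> raises the PBKDF2 iteration count (it implies -pbkdf2), which is the main lever against offline guessing of a weak password.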

  • Always use Tor to create emails and to check that email.
  • Never use your home wifi.
  • If email registration requires a phone number, use a burner phone that can receive texts.
  • Wait at least 1 month before using the phone, and purchase it far away from your home.
  • Use email providers that operate on Tor and use PGP when dealing with clients:
    • http://secmailw453j7piv.onion
    • http://eludemaillhqfkh5.onion
    • http://mail2tor2zyjdctd.onion
    • http://cockmailwwfvrtqj.onion

  • Nulltrace - an onion site that offers an easy to use PGP toolkit. Allows a user to create PGP keypairs, sign, verify, encrypt and decrypt.

Security Settings: Click on the shield icon at the top of the Tor browser, click "Advanced Security Settings" and set the value to "Safest". Note for Tails users: Tails will reset this value on system restarts, so make sure you do this every time you launch Tor on Tails!
Privacy Checking: To check that your I.P. address is a Tor exit node, and that your security settings are correct, go to https://whatsmybrowser.org/ and ensure the following:
  • Javascript is disabled!
  • No browser details can be detected!
Plugins: Additional addons/plugins should not be installed. Plugins not supported by the TorProject run the risk of bypassing the Tor network and accessing the net directly, which runs the risk of leaking your real I.P. address. It should be clear to anyone why this is an issue, but people sometimes disregard this risk and lose a large part of their OpSec over this mistake.
Tails: Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity and helps you to: use the internet anonymously and circumvent censorship; route all connections to the internet through the Tor network; leave no trace on the computer you are using unless you explicitly ask it to; encrypt your files, emails, and instant messaging using state-of-the-art cryptography.
Official Site: https://tails.boum.org/ Tails For The Darknet Markets: http://archivecaslytosk.onion/fyYz5
Whonix: An alternative to Tails and also an open source project. Whonix is an operating system focused on anonymity, privacy, and security. It's based on the Tor anonymity network, Debian GNU/Linux, and security by isolation. DNS leaks are impossible and not even malware with root privileges can find out the user's real I.P. address.
Official Site: https://www.whonix.org/ Whonix For The Darknet Markets: http://archivecaslytosk.onion/COfTH
Shredding History / Footprints: This section only applies to users who use the Tor browser while not using Tails or Whonix.
The recommended tool for cleaning footprints, history, cache, etc. from your drive(s) is using a program known as CCleaner. When using the program it is recommended to go to 'Options' > 'Settings' and then selecting "Complex Overwrite" (7 passes) and "Secure File Deletion". Make sure all the boxes are ticked when cleaning including the 'Windows' and 'Application' tabs.
This is normally recommended before the connection to Tor, and after you've left Tor, to wipe all cookies etc. Remember that although this may clear a good deal of the tracks left behind on your PC, wiping your drive(s) with random data and zeros from a live operating system is the only way to permanently clean your tracks. It is also good to note that there is no reliable way to wipe solid state drives so using hard drives is the preferred hardware.
Cookies - How The NSA Is Using Them To Track Tor Users: Let's suppose that there is an online shopping website owned or controlled by the NSA. When a normal user opens that website from his/her real I.P. address, the website creates a cookie in the user's browser and stores the real I.P. address and other personal information about the user. When the same user visits the same NSA-owned website again, this time with Tor enabled in the same browser, the website reads the previously stored cookie from the browser, which includes the user's real I.P. address and other personal information. Furthermore, the website just needs to maintain a database of real I.P. addresses against the Tor exit I.P. addresses to track anonymous users. The more popular the site is, the more users can be tracked easily. Documents show that the NSA is using online advertisements, i.e. Google Ads, to make their tracking sites popular on the internet.
How Can You Avoid Cookie Tracking? By using the Tor browser exclusively for darknet activities. Browsers can't read cookies created by other browsers, so using your standard browser for clearnet use can save you from this issue. However, you should always clear the cookies (with CCleaner or alike) after you're done so that any stored information, such as login information, will not remain on the computer's drive. If you're doing something very interesting, you should use Tor on an amnesic operating system, such as Tails, so that any data is dumped when the machine is shut down.
Closing: Hopefully you found this Tor Browser Security Guide a helpful source of information on the various steps needed to maintain your security and privacy. Don't take your freedom, nor your livelihood, for granted. You never know what could happen so never let the odds be stacked against you!
Privacy
Guides and Reference
Altnets
Tools
Privacy Comms
Secure Webmail Providers
Browser Privacy/Check yourself
Personal Network Security
TOR
TOR Tools
Tor Bridges - alternative entry points for Tor that are not listed
Interesting Tor pages
Check yourself
Misc Reference
OPSEC
Good habits
Command line history
Web Opsec
File management
Email Opsec
PGP Encryption
Dread OPSEC Guide