Tor - The Onion Router

Onion link

>This version includes important security updates to Firefox.

Onion link

>This version includes important security updates to Firefox.

It amazes me that onion sites aren't everywhere. They are easy to spin up, you don't have to pay anything and can run it from your own home. No need to purchase a domain, worry about expiration, have an open port. Built-in DoS protection. Anonymity and authentication by default. No need to configure HTTPS. Sure, uptime is on you and there is some latency/bandwidth limits to be considered, but once you are over that, onions are a solution to many problems and the benefits are enormous.

When a website can be accessed via a clearnet and a .onion url, is there a benefit to making use of the .onion url?

------ Context:

I am considering pointing a ".onion" url to my instance (mander.xyz).

I did some tests with and it seems like mlmym works well with JavaScript disabled. Since JavaScript is often disabled in the tor browser, I could make the .onion url point at that front-end instead.

This would be fun to do, but I wonder if there is a practical benefit to the ".onion" url as opposed to simply accessing the clearnet url via the tor browser.

EDIT: I went ahead and created an onion URL to try out, but I would still like to know if there is an actual advantage to .onion urls:

http://mandermybrewn3sll4kptj2ubeyuiujz6felbaanzj3ympcrlykfs2id.onion/

There is a 2 monero bounty ~$300USD if you can get PoW working for us

https://github.com/haveno-dex/haveno/issues/1122

Reposted from: https://lemmings.world/post/10879238

> I am talking about some way to report it (without exposing my identity - using Tor browser) or let it be shutdown. > > Related Tor FAQ: https://support.torproject.org/abuse/#abuse_remove-content > > Report1: https://report.cybertip.org > > Report2: https://www.iwf.org.uk/en/uk-report/ > > Report3: https://www.inhope.org/EN#hotlineReferral > > Here is how to report bad site, in case you find any clearnet traces on the .onion site, incl. email address. > > In this particular case, I have been able to spot the ODER/BUY NOW link which lead to a clearnet site. Within a second, it then redirected to a onion site, where I have found an e-mail address. So i had 2 ways to report this (clearnet website and an e-mail). > > So run whois lookup (for example at https://who.is/whois/ for mentioned clearnet redirect domain name) and inside the output, discover which nameservers/hosting company it is using. Since it has been using Cloudflare, I have submitted the report form on Cloudflare site. Second thing is that e-mail address the paedopile worm provided on the site. I could visit that email service domain to find abuse contact. I have written steps on how i have discovered the initial link and found the e-mail so they can verify the case. > > Do you know other way when you do not find any clearnet traces?

I just got an update from the Guardian project here recently for the Tor Browser version 13.5 on Android. Before, there always used to be a notification in the notification tray that would say the download and upload speed and have a new identity button to switch circuits if one was lagging. But I do not see that anymore. So how do I change circuits now without completely closing the browser and reopening it which would be a total pain in the ass?

Onion link

>In that respect, Tor Browser 13.5 feels like a milestone: in addition to the dozens of bug fixes and minor improvements noted in the changelog below, this release features major changes to Android's connection experience in preparation for the future addition of Connection Assist, including full access to Settings before connecting and a new, permanent home for Tor logs.

>For desktop, we're continuing our efforts to improve the user experience of Tor Browser's fingerprinting protections. Following the changes we introduced to new window sizes in Tor Browser 13.0 for Desktop, this release features welcome design changes to letterboxing, including new options to remember your last used window size and adjust the alignment of the letterbox in General Settings. Bridge users will also discover a myriad of improvements to bridge settings, including a complete redesign of bridge cards with improved sharing features, and a new section designed to help you find more bridges elsewhere. Lastly, the design of onion site errors has received a visual refresh aimed at making them consistent with the other kinds of Network Errors you can find in Tor Browser.

Onion link

Hi all! A group of researchers from two major U.S. universities is seeking to understand how people act on Darknet forums and markets. We would very much appreciate your responses. Our anonymous survey can be found here: https://blocksurvey.io/darknet-decision-making-survey-Cqozn_nrQbOr65TV2OEK9A?v=o (supports Tor) or here https://neu.co1.qualtrics.com/jfe/form/SV_02IV26Gkdf4IuQm (supports all other browsers). You can also use our Telegram bot (@OnlineMarketSurveyBot). We know your time is valuable, so the survey will only take 2-3 minutes of your time.

Although we will not log your IP address or ask any identifying questions, please do not share any identifying information while filling out our form. Your responses will be analyzed in groups; no individual responses will be used in data analyses.

Please note that this post has been kindly reviewed by the lemmings.world admin.

A huge thanks to the administrators, moderators, and all participants from our research group! #research #darknet #decisionmaking #survey #Markets

I'm looking for search engines for tor, what do you recommend? Besides that, I'm also looking for the link to time to confess, the one I have stopped working, will the website still be active?

Hi,

Since ~two days I noticed drastic slowdown on the TOR network :/

Is this happening for you too ?

Do you know a website (or other) where we can see if the network have a problem ?

BTW, I wanted to post this on their forum but at the end of registration I got: > A moderator must manually approve your new account before you can access this forum. You'll get an email when your account is approved!

Never got the email :/ , for a project that protect user and anonymity I don't see why they use such a huge filter to create account.

https://mastodon.social/@torproject/112394788781178752

Trying to access this https://web.archive.org/web/https://www.dataguidance.com/news/czechia-%C3%BAoo%C3%BA-fines-avast-czk-351m-gdpr-violations got a 403. Never had that before with the WayBackMachine. Then I tried to load it directly and got a "You are blocked!". Does the WBM not really make a full copy ? Not very Tor friendly !!!

TLDR:

If I use SSH as a Tor hidden service and do not share the public hostname of that service, do I need any more hardening?

Full Post:

I am planning to setup a clearnet service on a server where my normal "in bound" management will be over SSH tunneled through Wireguard. I also want "out of bound" management in case the incoming ports I am using get blocked and I cannot access my Wireguard tunnel.

I was thinking that I could have an SSH bastion host as a virtual machine, which will expose SSH as a a hidden service. I would SSH into this VM over Tor and then proxy SSH into the host OS from there. As I would only be using this rarely as a backup connection, I do not care about speed or convenience of connecting to it, only that it is always available and secure. Also, I would treat the public hostname like any other secret, as only I need access to it.

Other than setting up secure configs for SSH and Tor themselves, is it worth doing other hardening like running Wireguard over Tor? I know that extra layers of security can't hurt, but I want this backup connection to be as reliable as possible so I want to avoid unneeded complexity.

Onion link >This is an unscheduled emergency release with important security updates to Firefox for Desktop platforms. Android is unaffected.

I can't figure out which one it is. Does the service actually still get all the ddos flood and just drop them until a request comes in with the correct PoW level, or does the browser/daemon somehow calculate the PoW and only send the request when its reached. I don't see how the second one would work because your browser would not know if the service was under attack. But the first option still requires the service to get the request and then spend a little time dropping it instead of serving it.

I see that 127.0.0.1:9050 is being opened as my socks5 port. Can i somehow also get it to listen on [::1]:9050? I am trying to connect to an ipv6 client but if i use 127.0.0.1 the connection fails. If i turn off socks it works fine

Edit: it actually appears to be the socks application not accepting "::1" or "[::1]" as a valid proxy. It just wants to go back to 127.0.0.1

Amnesty International is launching their website as a .onion site to provide unrestricted access to its human rights resources, enabling more people to safely and securely engage with the vital work of speaking truth to power, and defending human rights.

Most sites i see on tor are http://blahblahblah.onion even for sites that have logins such as dread or pitch. However, duckduckgo appears to have an https onion which i didnt think was possible. Now the question is if i submit my user/pass on an http onion is it actually safe and is my session with that site properly secure? I know in transport to me it is secure, but if the exit node knows i want the pitch onion is my account info safe from that node since pitch is http.

For example, I downloaded Tor network and using it for illegal activities. Can my govt track me? Can US govt track me? With Signal fiasco, I can't trust softwares that I'm not familiar with.

I know it encrypts something but if I remember correct, FBI was able to find some Tor users before.

Note: illegal activities was for example. I'm not going to do anything illegal. I'm just planning to serve my instance with a onion address.

4get is a metasearch engine, similar to Searx and SearXNG

You can find the source code here: https://git.lolcat.ca/lolcat/4get

And use it here: http://4getwebfrq5zr4sxugk6htxvawqehxtdgjrbcn2oslllcol2vepa23yd.onion/

I saw the tor project blog saying that the new PoW DDOS protection had been released and thought "that will be great for dread". Unfortunately dread has been down for me for several days with both the dreadytofat and dreadytobig onions. Anyone else able to get on?

Onion link: http://pzhdfe7jraknpj2qgu5cz2u3i4deuyfwmonvzu5i3nyw4t4bmg7o5pad.onion/new-release-tor-browser-125/

I currently use Orbot as a general proxy on my phone. However, my school's WiFi requires me to sign in through a portal. I was wondering if there's a way of allowing my phone to bypass Orbot and connect to a single IP address, whilst continuing to proxy everything else.

Onion link: http://pzhdfe7jraknpj2qgu5cz2u3i4deuyfwmonvzu5i3nyw4t4bmg7o5pad.onion/new-release-tails-514/

Tails website link: https://tails.boum.org/news/version_5.14/index.en.html

New Features:

1. Persistent storage automatic migration to LUKS2 with Argon2id. Previous cryptographic standards used for persistent storage in Tails 5.12 and earlier are weak to state-sponsored attackers with physical device access. It will migrate automatically, butits's advised if you do not have a very strong password to change it.

2. Option in Tails Installer to backup Persistent Storage

3. Captive portal detection during Tor connection to allow signing into network when needed (such as motels)

4. Donate option built into Electrum - Support the Tails team if you can!

Tor Project is moving to self-hosting their users forum, starting on June 20th it will be accessible from forum.torproject.org

Onion Link for article: http://pzhdfe7jraknpj2qgu5cz2u3i4deuyfwmonvzu5i3nyw4t4bmg7o5pad.onion/tor-project-forum-migration/

Onion link for article: http://pzhdfe7jraknpj2qgu5cz2u3i4deuyfwmonvzu5i3nyw4t4bmg7o5pad.onion/new-release-tor-browser-1207/

Relatelist.com is the special search engine for Business intelligence.

We research published in Internet documents on almost all web-sites.

Actually we know more than 45 million people from about 6 million companies.

With Relatelist.com you may see another side of corporate world. Use it to discover the real relationship between big and small companies, goverments, media and military agencies, intelligence service, banks, international organisations etc.

helper script to host privacy onion site in linux or root android termux