How to use Tor Browser | Tor Tutorial part 1

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
👍︎︎ 1 👤︎︎ u/DifferentTarget 📅︎︎ Apr 02 2020 🗫︎ replies

Regarding THO decision on using TBB on Safest mode, don't think this is a good idea to follow for everyone (I even think that the fact that he is using isn't justified, but whatever); from Matt Traudt's blog, who works for the Naval Research Lab doing research and development on Tor:

Disabling JavaScript / setting the security slider to its highest setting

This is unnecessary for the majority of adversary models and will make the web significantly less usable.

The only people who have had significant JavaScript exploits used against them in Tor Browser were pedophiles using Windows. This suggests to me (and security experts in general, AKA not people that read "tech news" and parrot everything they read) that these exploits are rare, expensive, and hard to replace. Thus they aren't going to be used against random people because the risk of the exploit being discovered and fixed is too great.

Setting the security slider to its highest setting does remove JavaScript as a possible attack vector. So as long as you set it there consciously, are aware much of the web may break, I support your choice to disable it. I especially support it if you have legitimate concerns that JavaScript exploits may be used against you, not just dumb paranoia.

👍︎︎ 3 👤︎︎ u/General_Health 📅︎︎ Apr 02 2020 🗫︎ replies

Also, something that THO doesn't mention is that among the settings that you can customize, there's the search engine one, I would recommend changing from the default DDG clear net web site, to the .onion service, which offers encryption.

👍︎︎ 2 👤︎︎ u/General_Health 📅︎︎ Apr 02 2020 🗫︎ replies

Note on the iOS option Onion Browser. It doesn't currently block WebRTC leaks. It used too and it will again from what I hear, but it is currently in a weird spot. Blocking JavaScript works and OnionBrowser has the best security mode switching so this is a minor issue. It is a very well designed browser and highly recommended. Brave is working on fixing this too

Edit: It might be worth noting that some VPNs have a solution to this. Not sure if it effects Onion Browser. Perfect Privacy seems to offer this for iOS for example

👍︎︎ 1 👤︎︎ u/ExoticTemperature7 📅︎︎ Apr 04 2020 🗫︎ replies
Captions
[Music] the Internet is inherently a publicly open space whenever you serve a website or use an app you're living on someone else's computer and whoever owns that computer knows who you are what you do and where you are coming from Internet is just a network of someone's computers so the only way to keep your privacy in public is to be anonymous tor which stands for The Onion Router is designed to give all of its users the same identity it's as if a crowd of people in the streets all over the same clothes and the same mask tor is the best tool available today to stay anonymous on the web on the internet your true location is always revealed to all computers you are connecting to which can be up to thousands a day tor hides your location by relaying your traffic through three random places in the world and encrypting your traffic with triple layer of encryption to make sure nobody can follow your tor circuit back to its origin tor is essentially a traffic analysis resistance tool it doesn't prevent data collection it makes it so that whatever data is collected can't be meaningfully deciphered and utilize for whatever purpose ie by law enforcement or advertisers you should you store for about ninety to a hundred percent of your Internet activities that is everything that doesn't need a personal account and where providers don't block connections coming from the Tor network like banking or some streaming services to start using tor there is no better place than the tor browser in this tutorial will also step up our security with her next virtual machine and I'll teach you how to set up a live tails operating system on a USB flash drive let's begin download tor browser straight from tor project org Google Play Store or f-droid unfortunately iOS users can get the official tor browser on iPhones but the unofficial Onion browser can be used instead on desktop you can run tor browser from your local or external storage like USB disks SD cards or turn on the drives when you first launch it it will ask you for some basic configuration you should go for default settings for everything if tories blocks in your country selects a tour bridge which is gonna hide the fact you're using tor from your internet service provider or the government tor browser will then automatically start connection to the Tor network if it is successful the browser home page should be signature violent or give you a text like this browser is configured to use tor if tor connection failed to establish the home page will be red or will tell you something like not to use the current session in that case just restart the browser and it should reconnect the return network correctly by default tor browser is gonna function in its most user friendly in form to avoid scaring away novice users the browser doesn't block JavaScript phones or any type of media but expects reasonable privacy security in unanimity you have to block JavaScript the only way you should do this is to change the security level to safer or the safest mode it is highly recommended against changing tor browser settings in other unofficial ways the safe level disables non-encrypted JavaScript and some phones while media is click to play the safest level disables all JavaScript phones and media I use tor in the safest mode at all times only in rare circumstances do I let it run JavaScript because I can never verify if code on any website is malicious or not in the safest security level you can manually change what Janne script is allowed to run and which one remains blocked this is done through the no script extension if you can see the Adhan in the top bar open the menu and select Customize then find the icon for no script as well as HTTPS Everywhere and drag them over to the top right bar and click done when you want to re-enable individual Java scripts around on the website open no script menu this will display a list of all available domains trying to make a connection on the website in the safest security mode they're all blocked by default to unblock them say them to trust it by clicking the blue s icon next to each domain you want to enable for as long as you don't close or restart or browser JavaScript of these domains will be allowed for click to play media all you need to do is to click on the demo script overlay and just allow whatever mediator is to play this needs to be done individually for audio and video you may notice the little brush icon in the top right bar if you click that it will refresh tor browser and give you a new identity this just means it will clear all browser data like history cookies and cache tor browser automatically clear all of its data when you close it so you don't have to click on this brush icon to do it but the benefit of refreshing your identity instead of restarting your whole browser is that any individual changes you've made in no script during your session will be remembered whereas if you close and restart the browser entirely it will give you a new session and all changes in what domains are allowed and blocked in a no script will be wiped another Eden to node is HTTPS Everywhere if you leave it as it is it will try to force all websites to use encrypted connections instead of going through non secure HTTP protocol but in 2020 I don't want to visit any website that isn't encrypted so I set my HTTPS Everywhere to block all unencrypted connections when you visit an unencrypted website with this setting enabled HTTPS Everywhere will block it and give you an option to enable unencrypted connection manually this is a far more secure method than allowing non-secured connections to run automatically the last node where the function of tor browser is the tor circuit button click on the lock icon in the URL bar to display the list of relays in your tor circuit sometimes your circuit may be too slow or you may want to change your exit node tor changes your circuit automatically for each website and each time you refresh or restart the browser which can also manually request a new circuit for a specific website this can sometimes solve the annoying problem of some sighs that defaults to the language of your exit location now tor is just a tool it can only do as much as the piece of the monkey meat that's using it it's just as important to have excellent offset if you want to make the most out at or anonymity OPSEC stands for operation security and it's basically managing your behavior in ways that do not compromise your security strategy and toolset there are a number of rules that can be broken when using tor here is a few of the most important ones roll number zero do not use accounts with their real identity the more general advice is not to use accounts on tour and all because accounts are data points that can create links over a long enough period of time however you can have anonymous accounts that do not link to anything in your real life that means no phone numbers real name email addresses or emails that were registered with their real IP address if you create a fake pseudonym on tour and then use or even mention that pseudonym anywhere outside of tor you are compromised rule number one do not change any settings install add-ins or plugins never go fullscreen either as this can identify your device only the advanced security settings are ok to change but making any other changes to your browser including installing extensions and plugins is like putting a giant stick on the forehead of your anonymous mask it makes you stand out from the crowd so don't rule number 2 do not disclose any personally identifiable information anything personal like your hobbies location profession pets family members photos screenshots or nicknames in your posts searches or account names can link back to you if you want to be anonymous do not discuss private data with people that you don't want them to know about rule number three use end-to-end encryption tor is a great tool but not a magic one the three layered encryption of tor is only there to prevent individual relays from knowing your original and final destination when your connection leaves the exit node and the destination website isn't encrypted then the exit node can know what you're doing even if they don't know your original IP address all websites a visit clear net are onion ones should be encrypted if the lock next that the URL bar is green you're good if it isn't you're screwed also make sure you can trust or verify that the encryption on the server itself isn't compromised rule number four be knowledgeable about surveillance capabilities I can't remotely go over even just a fraction of what's possible in this video but let me give you one very common yet creepy example a Google script on your phone can constantly signal inaudible sounds that can be picked up by a computer's microphone if a website runs a script that can access your microphone that website can link your tor browser session to your phone ID if you run two scripts of the same provider one over tor and one over clear net then your anonymous session can be easily linked to your real identity if you watch a phone review on the YouTube app and then launch the tor browser to search for that phone on Google then Google can almost definitely link these two activities together especially if you're running JavaScript advanced trackers on the web like Google can do all the nasty tricks that link your activities to real-life identity so remember to compartmentalize what you do and whose services you decide to go for if you make a connection to the same provider anonymously and non anonymously at the same time you're screwed to avoid these pitfalls it's best not to do anything else when using tor rule number five tor is only as secure as a machines hardware an operating system it can protect you if your device is already compromised this is not a limitation of tor this is a limitation of being alive if there is a malware with root privileges or remote administration on your phone or laptop then no tool can save you it's your responsibility to make sure you are adjusting your security level based on the system you're using with all that being said there are more secure ways to run tor that's when your whole system is routing your connection through the Tor network to prevent any leaks there are two ways to go about this a convenient one and an amazing one but we're gonna cover that in a separate video because I figured it'd be better to leave two full-featured anonymous operating systems its own space if you wanna support this project in return for these essential skills I welcome you to join my patreon if you prefer to keep your anonymity maybe my Bitcoin or Manero addresses in the description can be an option thank you very much for your support and stay free
Info
Channel: The Hated One
Views: 859,133
Rating: 4.9397445 out of 5
Keywords: How to use Tor Browser | Tor Tutorial part 1, How to use Tor Browser, Tor Tutorial, tor browser tutorial, tor 2020, tor anonymity tutorial, how to be anonymous, how to use tor, how to use tor tutorial, how to use tor 2020, how to be anonymous tor, how to be anonymous on the web, tor anonymous, tor anonymity, tor operatons security, tor opsec, tor opsec tutorial
Id: yveTy-mf3u8
Channel Id: undefined
Length: 11min 46sec (706 seconds)
Published: Thu Apr 02 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.