Questions tagged [tor]
Tor (short for The onion router) is a system intended to enable online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis. For non-security questions about Tor, see our sister site Tor Stack Exchange.
526
questions
1
vote
0
answers
130
views
How to diagnose a DDOS on a home network?
I'm a user with a consumer level modem and a plain wifi router.
I have been seeing activity where for long periods of time over night, my internet connection will shut off for 10-20 minutes at a time. ...
2
votes
4
answers
183
views
How do you rate limit bruteforce attempts on a Tor hidden service?
I'm considering the feasibility of a .onion domain for my website to cater to privacy conscious users.
Actions that occur before there's a known UserID (eg. login page) need to have a bounded number ...
0
votes
0
answers
125
views
These two pgp public keys are the same but different?
I'm doing some research on .onion websites and was trying to verify an onion URL.
I got a public key from two different sources: side by side they are identical until about ten lines before the end. ...
0
votes
0
answers
77
views
Deploying a site with zero-knowledge?
Any methodologies of secret or private dev-ops as a service?
The use-case I was thinking of is for example, a productized service like on Fiverr, eg. Seller will deploy your site onto TOR network and ...
0
votes
1
answer
142
views
Is exposing a bind shell to tor dangerous?
I have a bind shell written in python:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("127.0.0.1", "710"))
s.listen(1)
conn, addr = s.accept()
print(f"[*] ...
0
votes
2
answers
340
views
Any tool that can prevent ISP from knowing which websites we visit? beside tor?
Any tool that can prevent ISP from knowing which websites we visit? beside tor? while https can help, but still ISP knows which domains/websites we visit. There is no way around it?
Also believe that ...
0
votes
0
answers
171
views
Impact of Deep Learning Based Flow Correlation on Tor
It's been known ever since Tor existed that flow correlation attacks can break Tor's anonymity, but whereas in the past flow correlation attacks had a false positive rate far too high to be useful ...
0
votes
2
answers
506
views
What is the difference between a VPN and a Tor Socks proxy on public wifi?
I seek protection against MITM & snooping of VPN or Tor proxy traffic on public WiFi.
So, what are the different security impacts of each of these 2 solutions:
Using a VPN (like Proton VPN) to ...
17
votes
2
answers
7k
views
Is Tor over VPN a security risk?
In his talk about OPSEC, The Grugq stresses that you first have to go through TOR before connecting to a VPN. Otherwise, the VPN would be a direct link from the endpoint to you. He summarizes:
TOR ...
3
votes
0
answers
130
views
Can botnets/malicious traffic be effectively reduced on my exit nodes?
I host a small collection of TOR exit nodes to the clear net. Believe it or not, the number one complaint I get in my inbox is not due to illegal materials coming through the nodes (of which I have ...
8
votes
1
answer
204
views
Anonymity in initial Key exchange in onion routing
Maybe I will be wrong, please correct me and at the same time answer my question. I know the keys are exchanged between client and Tor relays through circuit extension requests (other than first relay)...
3
votes
1
answer
236
views
Do VPNs log and analyze OCSP requests?
I am a privacy-conscious user currently living in Russia where the Internet is censored and monitored by the Russian state. Russian ISPs are legally required to log and store all users’ Internet ...
1
vote
0
answers
1k
views
What are the risks of running SSH over Tor?
Goal
The intention is to set up an SSH entrance which is more secure (or at least more obfuscated) than a default setup with Port Forwarding or VPN.
Previous research and context
TL;DR, see question ...
1
vote
1
answer
201
views
Does the first node in the circuit connecting the hidden service to the introduction point know the server's IP address?
I am doing research about the dark web. However I find it hard to understand how Tor hidden services work. The whole point of it is to actually anonymize the server from the client so that the client ...
0
votes
0
answers
118
views
Can WebASM provide JavaScript style interactivity without the same vulnerabilities?
JavaScript is useful for interactivity. However, it is often disabled by security conscious browsers, such as the Tor Browser Bundle, and blocked with plugins such as NoScript.
I was wondering if it ...