INTRODUCTiON TO SECURE COMMUNICATION – TOR, HTTPS, SSL

Updated on:
25661

Greetings comrades.

Through my research I have put together some security measures that should be considered by everyone.

Your TOR usage is being watched

The reason I put this together is mainly for the newbies of this forum.

But if I can help anyone out, then I am grateful for this.

I would like to start out by saying, if you are reading like, you are likely a Silk Road user.

If this is the case, then the #1 thing you must be using to even access this form is Tor.

Tor will provide you with a degree of anonymity by using an 128-bit AES (Advanced Encryption Standard).

There has been some debate as to whether or not the NSA can crack this code, and the answer is likely yes.

This is why, you should never send anything over Tor that you aren’t comfortable sharing with the entire world unless you are using some sort of PGP encryption which we will talk about later.

Communication from your computer, to the internet relies on an entry node which basically “enters your computer” into the Tor network.

This entry node communicates with your computer, this entry node knows your IP address.

The entry node then passes your encrypted request onto the relay node.

The relay node communicates with the entry node and the exit node but does not know your computer’s IP address.

The exit node, is where your request is decrypted and sent to the internet.

The exit node does not know your computer’s IP, only the IP of the relay node.

Using this model of 3 nodes it makes it harder, but not impossible to correlate your request to your original IP address.

The problem comes obviously when you are entering plain text into TOR because anybody can set up an exit node.

The FBI can set up an exit node, the NSA, or any other foreign government, or any malicious person who may want to steal your information.

You should not be entering any sensitive data into any websites, especially when accessing them over TOR.

If any of the nodes in the chain are compromised, and some likely are, and the people in charge of those compromised nodes have the computing power to decrypt your request, then you better hope it wasn’t anything sensitive.

So what can we do to fix this? Well, luckily we are now having more and more servers that are offering something called Hidden services.

You can easily recognize these services by the address .onion.

These services offer what’s called end-to-end encryption.

What this does is take the power out of the compromised exit nodes and put them back in your hands.

The web server of the hidden service now becomes your exit node, which means the website you are visiting is the one decrypting your message, not some random exit node ran by a potential attacker.

Remember, the exit node has the key to decrypt your request.

The exit node can see what you are sending in clear text once they decrypt it.

So if you are entering your name and address into a field, the exit node has your information.

If you are putting a credit card, a bank account, your real name, even your login information, then you are compromising your identity.

Another step you can take, is to only visit websites that use something called HTTP Secure.

You can tell if the website you are visiting is using HTTP Secure by the prefix at the beginning of the address.

If you see https:// then your website is using HTTP Secure.

What this does is encrypts your requests so that only the server can decrypt them, and not somebody eavesdropping on your communication such as a compromised Tor exit node.

This is another form of end-to-end encryption. If somebody were to intercept your request over HTTP Secure, they would see encrypted data and would have to work to decrypt it.

Another reason you want to use HTTPS whenever possible, is that malicious Tor nodes can damage or alter the contents passing through them in an insecure fashion and inject malware into the connection.

This is particularly easier when you are sending requests in plain text, but HTTPS reduces this possibility.

You must be made aware however, that HTTPS can also be currently cracked depending on the level of the key used to encrypt it.

When you visit a website using HTTPS, you are encrypting your request using their public key and they are decrypting it using their private key.

This is how cryptography works.

A public key is provided to those who want to send an encrypted message and the only one who can decrypt is the one with the private key.

Unfortunately, many websites today are still using private keys that are only 1,024 bits long which in today’s world are no longer enough.

So you need to make sure you find out which level of encryption the website you are visiting uses, to make sure they are using at a minimum 2,048, if not 4,096 bits.

Even doing all of this unfortunately is not enough, because we have another problem.

What happens if the web server itself has become compromised? Maybe your TOR nodes are clean, maybe you have used HTTPS for all your requests, but the web server itself of the website you are visiting has been compromised.

Well then all your requests are again, as good as plain text.

With that being said, this will conclude the first post in this series of the steps we can take to protect our privacy online, to remain anonymous and maintain our freedom.

Write for us

Disclaimer:

The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.

19 COMMENTS

  1. Anonymused

    Thank you for your hard work here. You making this world a better place 🙂

    • Anonymous

      Please, help me In stealing money

    • Anonymous

      help me please

  2. Thank you for your insight and dedication to preserving the freedom in the rapidly evolving world that we live in today

    • Anonymous

      is there any completely free vpn?

  3. Anonymous

    When using Tor,i check the log sometimes and i see “bogus server sent….”what does that mean?

  4. Anonymous

    hi i have a question i need the guide for escrow service for the dream market place iam a beginner to order here i love what i learned the old normal real market but in this time i must go other ways this way hope you can help me with a link thanks

  5. Anonymous

    how to use tor

  6. Anonymous

    Interesting, VERY INTERESTING indeed.

  7. Anonymous

    Really helpful for newbies and alike…Thanks guys n keep up the good work, informing us FURTHER about GOVERNMENT ESPIONAGE.

  8. Anonymous

    A very interesting article. I have no intention of downloading TOR or using a VPN to read this. Why should I it would indicate I was up to no good, which I am not. I have used the internet since it first became available , like millions of others, without any major problems . I am always trying to increase my pc knowledge though. Always been intrested in codebreaking since the Cold War era. I know for example that the space race was just a by-product of ever increasing needed computer power fir codebreaking

    • Anonymous

      “I have no intention of downloading TOR or using a VPN … it would indicate I was up to no good”. Uh… only to a noob. Using a VPN indicates you want to keep your communications private, as when you’re making financial transactions or transmitting sensitive information (to your attorney, perhaps). If you work for or attend a university, you probably use Tor every day without knowing it to access books, papers and receive emails from students and staff. The “deep net” is loaded with harmless material that hasn’t been itemized and identified by google’s bots (experts: please forgive my misused terminology). Tor gives you access to a YUGE part of the internet invisible to google, and a VPN protects you from hackers and snoops sticking their noses into your business.
      “…up to no good” is when you’re actually PURCHASING illegal material, such as drugs, child porn, terrorist recruiters, hit men, stolen credit cards… that sort of thing. You are allowed to LOOK at the names of those sites to your heart’s content. Just don’t open them or buy any of their products, or you may get a visit from law enforcement.
      Or not. Illegal sites are doing a brisk business these days (now that Alpha and Hansa have been shut down), and law enforcement (LE) is working overtime to keep up. Most LE officers are not skilled in computer tech, and rely on their few tech-savvy employees (plus a couple busted hackers trying to stay out of prison) for their investigations. The Deep Net not easy to figure out. I’m not stupid, but this is the steepest learning curve I’ve ever tried to negotiate!
      Smart people protect themselves, their identity AND their data no matter where they are. A VPN is the equivalent of double-locking your front door at night, even if you have a cop living right next door. It won’t keep the real pros out, but it will deter the dumb kids — and there are lots more dumb kids breaking into your communications than real pros (the real pros are busy stealing from the banks and major corporations).

  9. Anonymous

    How to be completely anonymous, which operating system should I use and what changes need to made in it, how to switch off location’s hardware from computer, and become completely untrackable for my internet service providers so that they can’t track what kind of data packets I’m receiving.

  10. Anonymous

    Just getting started educating myself on this subject of personal IT security. Great info!!

  11. Anonymous

    I have been using a very good vpn security and tor browser for a long time, so is there any chances that i am trackable by the govt agencies?

  12. Anonymous

    hello guys, how do i use the Tor??

  13. Anonymous

    You mentioned SSL in the title but it is never mentioned in the document. But good read.

  14. Anonymous

    Although you can get a VPN, Tor and use something like Tails, there is no mention here of identifying the machine you’re on; a website knows all about the browser you are using, your OS, screen size and maybe details that identify your computer uniquely. Do any of the tools mentioned do anything to obscure any of that? Also browsing and typing habits, visit times etc. All these things are transparent, if you host a website you can see all this info about your visitors. Any thoughts?

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.