Dark web browsers security


9 replies to this topic

#1 ComputerKlutz

ComputerKlutz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 13 March 2016 - 01:12 PM

Are there any security precautions I should follow when I use dark web browsers like Tor? For example, are viruses and malware more prevalent on dark web browsers? Thanks for your assistance.





#2 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:09:15 PM

Posted 13 March 2016 - 01:38 PM

As for the browser itself... no, as long as you download the official TOR Browser Bundle.

If you are using it purely for browsing the surface web anonymously then you just need to exercise normal caution. If you are browsing dark web sites though, STOP! Do not browse the dark web outside of a VM, at public wifi, with javascript and flash disabled unless you want a whole host of viruses and worse on your PC.
Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 AM

Posted 14 March 2016 - 03:50 PM

> Do not browse the dark web outside of a VM, at public wifi, with javascript and flash disabled unless you want a whole host of viruses and worse on your PC.

 

Can you clarify this? It's not clear to me what you recommend to do and what you do not recommend to do.


Edited by Didier Stevens, 14 March 2016 - 03:50 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 rp88

rp88

  • Members
  • 2,980 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:15 AM

Posted 14 March 2016 - 08:19 PM

Tor has NoScript bundled with it. This will provide pretty good security against drive-by attacks when you browse websites, but obviously it won't protect you against viruses in any files you download, or attacks from any pages which you choose to allow to run scripts. Malwarebytes Anti-Exploit lists Tor as one of the browsers it can protect, so that's a second line of defence. These are security precautions against drive-by infection; they are not privacy/anonymity tips. To be fully private/anonymous in browsing as well as safe from infection, there's a whole load of other things you would need to do as well. In general, browsing the normal web via Tor, rather than via normal browsers, should be no higher in risk than browsing the normal web through normal browsers; the same precautions apply (NoScript and Malwarebytes Anti-Exploit are very useful to have for normal browsing whether you ever do anonymous browsing or not). If you want to use Tor to browse other places that can't be reached via normal browsers, then the chances of infection are going to be extremely high. And although one should never doubt the importance of privacy and anonymity to anyone, I will say that you almost certainly do not need to be going to those sorts of places. Actually, it's quite possible you don't NEED Tor; not many people NEED to be that private/anonymous, but some day you MIGHT NEED to, or perhaps you would just LIKE to, so asking the question you have asked may be of help to you some day.

Edited by rp88, 14 March 2016 - 08:20 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#5 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:09:15 PM

Posted 15 March 2016 - 08:46 AM


> > Do not browse the dark web outside of a VM, at public wifi, with javascript and flash disabled unless you want a whole host of viruses and worse on your PC.
>
> Can you clarify this? It's not clear to me what you recommend to do and what you do not recommend to do.

I recommend avoiding the dark web completely. Unless you are absolutely supposed to be browsing it as part of your job (in which case you wouldn't need to hear my recommendations; you would already know what you are doing), it's a very bad idea. If you insist on ignoring my recommendations, I suggest browsing at a location far away from your residence, inside a Linux VM with JavaScript and Flash disabled.

#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 AM

Posted 15 March 2016 - 03:18 PM

Sorry, but I still fail to see why you suggest using a public access point. I don't see how that helps with malware.




#7 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:09:15 PM

Posted 15 March 2016 - 04:40 PM

> Sorry, but I still fail to see why you suggest using a public access point. I don't see how that helps with malware.

It doesn't. I'm saying that for physical security reasons, as I have talked to someone who had been stalked by some very scary types after clicking on the wrong darknet link. Not sure how true that was or what the heck the kid was doing in that part of the net in the first place, but you can't be too careful.

Edited by ScathEnfys, 15 March 2016 - 04:41 PM.


#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 AM

Posted 16 March 2016 - 08:35 AM

So you suggest using a public access point for more anonymity? If bad guys can figure out your IP address, they'll have the IP address of the public wifi and not of your home.

That is a valid point, if you speak of the physical security of the person (not of the computer).

However, using a public access point (especially if WiFi is unencrypted) brings extra risk to the computer.




#9 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:09:15 PM

Posted 16 March 2016 - 10:41 AM

> -snip-
> However, using a public access point (especially if WiFi is unencrypted) brings extra risk to the computer.

If you're connecting to the darknet you can hardly get any worse. But that is why I suggest a VM anyway. (And preferably regularly reset the VM to an earlier snapshot / wipe it completely)

#10 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:01:15 PM

Posted 16 March 2016 - 05:03 PM

Remember that Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can't encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet — use HTTPS or other end-to-end encryption and authentication.

The Warning. https://www.torproject.org/download/download.html.en#warning

How Can I Stay Anonymous with Tor? http://lifehacker.com/how-can-i-stay-anonymous-with-tor-1498876762
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 
