Encrypted Chatrooms & VoIP Applications

Encrypted chatrooms and VoIP services, such as like WhatsApp and Telegram, are not only great for business communications, but they critically important for human rights defenders and political activists fighting around the world – especially in at risk or oppressive countries. It is important to understand that even if you are living in a country which has banned Tor, VPN’s or applications such as Telegram, and you are afraid to use/install those programs out of fear of persecution, encrypted chatrooms can be equally as easy to use and remain 100% legal to boot.

For example, even in countries like Egypt, Iran, Pakistan – et cetera – which have either outright or periodically banned VoIP services such as Telegram and Viber, other chatroom-based services like Chatbox or Slack are still free and legal to own, and can be used to protect private communications all the same. In fact, political activists in countries such as Ethiopia and Egypt are known to have used encrypted chat services to safely coordinate communications, rallies and protests in times of great civil unrest, such as during the Oromo protests and Rabba Massacre. I know this because I was there on the front-lines helping to set up their accounts.

It’s usually free to sign up for these services, and all you need is a verified email address or phone number to login. Then, once enrolled, you can encrypt your chatroom by setting up a custom name/URL for it and requiring password authentication for entry. This assures that only the people you give the URL address to will be able to find it, and only those who know the password to it will be able to enter. Additionally, once set up, you can even set up individual channels within the chatroom itself for a duel level of security/encryption. This includes setting custom rules for different channels, such as requiring Administrator approval for access. This assures that if even someone is able to brute-force their way into your chatroom itself, there are still protocols in place to protect individual communications and information within the chatroom itself.

Additionally, especially if you are doing activism or human rights work, or feel that your life/security could be in danger for the work you do, it is always recommended to never use your real life identity or personal email accounts to set up an encrypted chatroom or channel. Instead, you should always create an online alias and use it to register a new account within an encrypted email service provider, such as ProtonMail or Tutanota. Obviously, this advice need not apply for those of you who are using these services for business purposes. Lastly, some chatroom services actually offer built in video chats, allowing for a third means to make secure voice connections outside of standard phone calls or VoIP services.

For more information on how to keep a safe, private and Anonymous identity online, please read the following tutorial: https://anonhq.com/anonymous-security-guide-2-0/

For more information on different encrypted email service providers and how you can make the switch, please read the following link: https://roguemedia.co/2019/11/02/making-the-switch-to-encrypted-emails-2/

Best/Top Chatroom Service Providers:

Voice Over Internet Protocol (VoIP):

While VoIP services are not necessarily essential for everyday phone use, they do offer critical protections for political activists, journalists, researchers and citizens living under oppressive regimes all around the world. VoIP stands for Voice over Internet Protocol, which is just a fancy way of saying they transport all calls and messages over established internet connections, rather than routing them through your telecommunications or phone service provider – such as AT&T or Verizon.

In areas like the United States and European Union, VoIP services are important to own because they prevent your data from being intercepted, recorded or stolen by telecommunications companies and other interested 3rd parties, such as Governments, thus protecting any information you send across the wires. VoIP services also offer the ability to encrypt messages or calls between like users, further protecting customer privacy. By comparison, both of these options are unavailable on standard text messages or phone calls straight from your phone provider. In politically oppressive countries around the world, VoIP services are even more important because they offer a critical means to bypass Government imposed restrictions or blockades on national telecommunications on a local level, while also allowing users to make international calls entirely for free.

While this might sound a bit complex or advanced, once installed, operating a VoIP connection/application is no more different or complicated than making a regular phone call or sending traditional text messages. Instead of using your normal texts messages or phone App, you simply download a VoIP App and log into that to make/receive calls and texts – it’s literally that easy. Lastly, VoIP connections offer a secondary means to reach your contacts, should your phone lose service, go out of cell tower range or come under blackout. Rather than relying on the signal strength of your network service provider of choice, all you need is an active internet connection to utilize a VoIP services.

The Best/Top VoIP Service Providers:

 

CgAn – Rogue Media: Introductory Guide To DarkNet’s

The Internet is the global system of interconnected computer networks that use the Internet protocol suite (TCP/IP) to link devices worldwide. It is a network of networks that consists of private, public, academic, business, and government networks.

The 3 Layers of The Internet:

ClearNet. The “World Wide Web,Surface Web, ClearNet or simply referred to as the Web. Quite simply, the Surface Web refers to the portion of the internet only accessible by standard search engines – such as Yahoo, Bing and Google. While Google search results may feel endless at times and while you might think of them as being quite large in size, in reality, the Surface Web only consists of roughly 7% of the combined browse-able/accessible internet. Typically, it’s used for Email, Fax, File sharing, File transfer, Games, Instant messaging, Podcasts, Voice over IP, Searches, Streaming – etc.

Deep Web. The “Deep Web,” invisible web, or hidden web are parts of the World Wide Web whose contents aren’t indexed by standard search engines – for any reason. Rather, the content is hidden behind HTML forms, Javascript and custom code to protect it from the public eye. Generally speaking, the Deep Web is host to roughly 92% of anything which can be found on the internet. Typically, the Deep Web consists of information such as web archives, scholarly articles/resources and network databases such as cloud servers. While this isn’t the case 100% of the time, you usually also need a 3rd party software system, such as the “Tor Browser,” in order to access at least some of its content as well.

To describe how it works, think about all of the web pages you can visit on your bank accounts homepage or email account. While all of those sites, links, addresses and emails technically exist on the internet, and while you can still search Google for Bank of America‘s website, this doesn’t mean you can search Google for the web pages associated with each Bank of America’s customers accounts. Nor can you search Google to find everyone elses emails hosted on Gmail – get it? Those web archives still exist on the internet all the same as their homepages, but are not indexed on the Surface Web to be publicly available – which is why we say they exist on the Deep Web, below the normal surface layer of the internet.

DarkNet. While the Deep Web is in reference to any site that cannot be accessed through traditional search engines, the “DarkNet” or “Dark Web” is a small portion of the Deep Web that has been intentionally hidden to hide in plain site, and is completely inaccessible via standard browsers and search methods. The DarkNet is by far the smallest layer of the Internet, estimated to consist of less than 40,000 websites in total – less than 1% of the browse-able internet.

Not only will you need to install a special type of software to access a DarkNet website, but the URL Address associated with it will almost certainly be encrypted with a randomized sequence of numbers and letters – literally making it impossible to find or type in by accident. Instead, you must know exactly what this sequence is – usually from someone else who already knows or has it. Even then, once there, you will also most likely need to enter a custom password in order to enter – making it virtually impossible to browse any DarkNet webpage without the proper permission.

As explained by CyberGuerrilla, DarkNet websites don’t rely on the IP/DNS system (typing mysite.org in a web browser will take you to an IP address like 10.11.12.13). Darknet websites are accessible only through networks such as Tor “The Onion Router” and I2PInvisible Internet Project” and their respective software. Identities and locations of DarkNet users stay anonymous and cannot be tracked due to the layered encryption system. The DarkNet encryption technology routes users’ data through a large number of intermediate servers, which protects the users’ identity and guarantees anonymity. Due to the high level of encryption, websites are not able to track geo-location and IP of their users, and users are not able to get this information about the host; communication between DarkNet users is highly encrypted allowing users to talk, blog, and share files confidentially.

The DarkNet is also used for illegal activity such as illegal trade, forums, and media exchange, making it a prime target for Law Enforcement Agencies around the world. The 2 main DarkNet‘s networks are TOR (The Onion Router) and I2P ( Invisible Internet Project). While Tor focuses on providing anonymous access to the Internet, I2P specializes on allowing “anonymous” hosting of websites called “Eepsites.

Active Darknets worth mentioning:

Freenet is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship
GNUnet another peer-to-peer network that offers users full link encryption.

Decentralized network 42 (not for anonymity but research purposes)

Syndie is software used to publish distributed forums over the anonymous networks of I2P, Tor and Freenet.

Riffle is a client-server Darknet system that provides secure anonymity and minimal bandwidth

Tor Browser and Tor-accessible sites are widely used among the Darknet users and can be identified by the domain (.onion). Servers configured to receive inbound connections only through Tor are called hidden services. Rather than revealing a server’s IP address (and thus its network location), a hidden service is accessed through its onion address,

The TOR Network works by bouncing your communications around a distributed network of relays (nodes) run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

Tor passes your traffic through at least 3 different servers before sending it on to the destination. Encrypting your packets and bouncing them around the Internet isn’t cost less. All that extra work means that browsing the Web via Tor feels sluggish compared to using a conventional browser. Tor is not meant to completely solve the issue of anonymity on the web and is not designed to completely erase tracks but instead to reduce the likelihood for sites to trace actions and data back to the user. Users are also warned to use https versions of websites, not to use Tor over Tor, not to torrent with Tor, not to enable browser plugins, not to open documents downloaded through Tor while online, and to use safe bridges. Also, Bittorrent over Tor is not anonymous.

References:

https://en.wikipedia.org/wiki/Internet
https://en.wikipedia.org/wiki/Dark_web
https://en.wikipedia.org/wiki/I2P
https://en.wikipedia.org/wiki/Tor_(anonymity_network)

Software:

The FreeNet Project: https://freenetproject.org/pages/download.html
The Tor Project: https://www.torproject.org/
I2P: https://geti2p.net/en/download

Projects Using TOR:

Tor Browser: https://www.torproject.org/projects/torbrowser.html.en – comes with a pre-configured web browser to protect your anonymity, and is self-contained (portable)

TAILS Operating System (Linux): https://tails.boum.org/about/index.en.html – Tails is a live system that aims to preserve your privacy and anonymity

Whonix Operating Systems (Linux): https://www.whonix.org/ – Whonix is a Debian GNU/Linux based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet

Orbot (Tor for Android OS’s): https://guardianproject.info/apps/orbot/

Warnings:

Some links may be disturbing and dangerous to visit.

To avoid be tracked or watched online, I strongly recommend you to run a VPN service on the system that you access. VPN will give you a double layer protection against the unknown.

** DISCLAIMER: BEFORE YOU ACCESS THESE LINKS YOU SHOULD UNDERSTAND THAT SOME CONTENT PROVIDED ON THESE DEEP WEB LINKS MIGHT BE DISTURBING, UNPLEASANT OR FRAUDULENT. VISIT THEM AT YOUR OWN RISK. WE RECOMMEND TO USE THOSE DEEP WEB LINKS ONLY FOR RESEARCHING PURPOSES! WE ARE NOT RESPONSIBLE FOR ANY DAMAGE CAUSED BY YOUR ACTIONS! **

Some Popular TOR .onion Sites:

http://hss3uro2hsxfogfq.onion/ (notEvil search engine)
http://xmh57jrzrnw6insl.onion/ (TORCH search engine)
http://uhwikih256ynt57t.onion/wiki/index.php/Main_Page (Uncensored Hidden Wiki onion link)
http://answerstedhctbek.onion/ (uncensored General-subject Q&A forum)
http://torvps7kzis5ujfz.onion/ (VPSSHell .onion hosting)
http://grrmailb3fxpjbwm.onion/ (TorGuerrillaMail – Disposable Temporary E-Mail Address)
https://protonirockerxow.onion/ (Fully encrypted email hosted in Switzerland offering free accounts)

Clearnet HTTPS signup & JavaScript! Must pay or verify via previously existing email or SMS to get an account

http://nzh3fv6jc6jskki3.onion/ – Riseup provides online communication tools for people and groups working on liberatory social change
http://tetatl6umgbmtv27.onion/ (Tor Chat roulette style service)
http://6dvj6v5imhny3anf.onion/ (CyberGuerrilla leAkboX)
http://76qugh5bey5gum7l.onion/status.xsl (Deep Web Radio)
http://deepdot35wvmeyd5.onion (DeepDotWeb -Surfacing the News)
http://grams7enufi7jmdl.onion (Search Grams)
http://kpynyvym6xqi7wz2.onion main.paraZite (Anarchy files and Underground)
http://valhallaxmn3fydu.onion (Valhalla Market)
http://silkkitiehdg5mug.onion (Silkkitie Market)
http://lchudifyeqm4ldjj.onion (Dream Market Dark Web Market)

Some I2P:

http://direct.i2p/ (Direct Search)
http://forum.i2p (Main i2p Forum)
http://imgbi.i2p img.bi (Secure Image Hosting)
http://pastethis.i2p/ (Pastebin)
http://zerobin.i2p (ZeroBin)
http://git.repo.i2p/ (Anonymous Git Hosting)
http://freedomforum.i2p/ (Privacy Forum)
http://leakager.i2p/ (A Cat’s Mirror of Wikileak)

General Chatter Putting In Perspective:

[Mink] oh, then go go go
[Mink] right, today we are going to talk about Darnets and TOR in particoular
[Mink] *darknets
[Mink] i made few notes to read to get us started
[Mink] https://pad.riseup.net/p/r.50b7831a5a3e919781433e4819976169
[Chanlog] Title: Riseup Pad (at pad.riseup.net)
[Mink] please, wait 10 minutes before starting to ask questions
[Aspire] ok
[n1ck1] yeah
[Mink] i’ll just write few points here while you read
[Mink] the Internet is big, really big
[Mink] what we think of the internet are webpages, blogs, email, instant messaging, webradio, voip (like skype) etc
[Mink] most of those services use the tcp/ip protocol to connect the resouces together
[amoruxX] When do we start ?
[RedAcor] Already started.
[Mink] oh amoruxX , we just did
[Mink] fundamental to make the internet work is the IP/dns concept, where a number (like 176.23.98) gets translated to a name (like mysite.com) and back
[Mink] this makes these resources available to the public and available to Search Engines (like google and yahoo)
[Mink] once a new website name is registered, a IP address is assigned to it
[Mink] this is what most people call “the internet” but there is much more
[Mink] there is a part most people will never see
[Mink] it is hidden on purpose
[B[U]G] where the address is assigned by your isp Internet Provider Service , where are two ip address ( public ) and ( local ) with mask subnet and principal gateway , the public have han UDP connetion to the internet call other service and TCP have an entrance connection to localhost
[Mink] imagine big companies networks, government agencies, or really anyone that doesn’t want their site or resources been indexed by search engines
[Mink] that we will call “DARKNET” or hidden web
[Mink] sorry “deepweb”
[Mink] :”)
[Mink] deepweb/invisible/hidden, basically not available to the public
[Mink] unless you have a login/password or a very precise address
[Mink] the deepweb is the biggest part of the internet
[B[U]G] This is because it is not possible to search through a search engine because each address is generated randomly
[Mink] in the deepweb, there is a small portion that we can only see with “special software”
[Mink] that we will call “darknet”
[Mink] for today we will talk about the main Darknet networ, the TOR (onion) network
[Mink] with TOR software (like torbrowser) we can access the normal web AND the onion network
[Mink] onion sites end with .onion and use different protocols from the norm
[Mink] the TOR network anonimize both the user and the server, automatically
[Mink] as a user, your traffic will pass trough at least 3 different servers, before reaching the target site
[n1ck1] what are the names of the different protocols for me to look for later?
[B[U]G] thanks to a connection called “onion”, by most users who share the relay
[Mink] sock
[B[U]G] “cipolla”
[n1ck1] ok tks
[n1ck1] I need t reed more about socks
[Mink] all the traffic from those servers (called “nodes” or “relay nodes” is encrypted
[Mink] making using the tor network slower than normal
[Mink] surfing the web is the main use of TOR, but it can be used to send/receive mail, IRC (like i’nm doing right now) or even voip (IF YOU CAN GET A FAST CONNECTION
[Aeolus] you can voip through tor?
[Mink] yes, with a bit of luck
[Aeolus] cool, didnt know that
[Mink] TOR can be used pretty much like any other proxy
[Mink] u could plug it in Thunderbird for emails
[Mink] in Hexchat for IRC
[B[U]G] using the gpg encryption with thunderbird or claws mail for more security
[Mink] in Mozilla for ftp, etc
[n1ck1] voip + “proxuchains firefox(TOR)”
[n1ck1] three at a time, using a VPN to open the terminal with the configured proxychains and run the TOR browser??
[Arkhangel] why with torrent no, p2p
[Arkhangel] ?
[n1ck1] VPN….voip=error
[Mink] no, but you can use vpn+TOR
[Aeolus] like me
[n1ck1] why not proxychains too?
[n1ck1] tor first or VPN first?
[B[U]G] proxychains is a simple script
[Aeolus] vpn then tor
[Aeolus] for me
[B[U]G] tht filter tor
[Aeolus] others prefer elseway
[Mink] Bittorrent over Tor is not anonymous, becouse needs to aware of other seeds/leecher sharing the files
[B[U]G] you can use for launch any application
[l0t3D_] what difference does it make
[Mink] also would put too much stress on the network
[Arkhangel] Aeolus, if someone uses TOR then VPN, I dont think he can access to onion network xD
[l0t3D_] Mink how do you even Bittorrent over tor?
[Mink] so p2p with TOR: possible, but really a waste of time
[n1ck1] yeah…rsrsrs I see
[B[U]G] l0t3D_, set tor as proxy socks
[B[U]G] or http
[B[U]G] (client)
[B[U]G] or generate
[Mink] again, it’s just possible to plug TOR port in your client
[B[U]G] iptables rules
[n1ck1] VPN + TOR is the best right?
[Mink] yes n1ck1
[Arkhangel] Mink do u mean that seeders/leechers should know your real IP?
[B[U]G] the best configuration are , tor – vpn – tor ,
[Mink] but now.. the bad part
[Aeolus] Arkhangel i used to be able to do that especially with my whonix settings
[l0t3D_] so to “torrent over tor” you need to plug TOR into my bittorent client
[Aeolus] i talk about normal browsing when you want to use tor as an extra layer
[Arkhangel] Aeolus U think that the best configuration is the config shown by B[U]G XD
[l0t3D_] but if i torrent normally and TOR is running that’s okay right?
[Mink] yes Arkhangel ,serius bitorrent users should use proxies or VPNs , not TOR
[Aeolus] Arkhangel xD
[Mink] yes l0t3D_
[l0t3D_] okay
[Arkhangel] what is the bad part? Mink
[Mink] ok, let me make one more point, then u free to ask questionbs
[Mink] right, bad part is TOR is not perfect
[n1ck1] a few days ago they tracked the IP of many users
[Mink] and it’s been under scrutiny for vulnerabilies for years
[Arkhangel] I think* (I wrong to write before lol)
[Mink] “”Tor is not meant to completely solve the issue of anonymity on the web and is not designed to completely erase tracks but instead to reduce the likelihood for sites to trace actions and data back to the user””
[Mink] there are ways and attacks to “deanonimize” a small portion of TOR users
[n1ck1] how?
[B[U]G] for example
[Aeolus] like FBI running nodes
[B[U]G] a plugin
[Aeolus] 😀
[B[U]G] in browser
[B[U]G] you can deanonymize you
[Mink] ” Users are also warned to use https versions of websites, not to use Tor over Tor, not to torrent with Tor, not to enable browser plugins, not to open documents downloaded through Tor while online, and to use safe bridges.”
[Arkhangel] why?
[B[U]G] by an javascript exploit
[Arkhangel] how a plugin can do this?
[l0t3D_] Aeolus do they?
[Aeolus] yes ofc they do
[B[U]G] or you find it on an exit node,
[Arkhangel] a javascript exploit that affects the TOR software or the plugin itself?
[Mink] the NSA is known to have run TOR “nodes” , also known as a man-in-the-middle attack
[n1ck1] TOR over TOR?
[l0t3D_] Tor over Tor? Mink
[Mink] never tor-over-tor
[l0t3D_] hahaha n1ck1
[l0t3D_] how do you even TOR over TOR
[n1ck1] so far so goof rsrsrs
[Mink] that would be running 2 instances of TOR
[Arkhangel] in which manner TOR over TOR can make u not anon?
[l0t3D_] Mink tor stops you from doing that
[n1ck1] like in the real machine and the VM use TOR?
[B[U]G] sure
[Mink] it’s like an internal thing, the “relay” will just not work, 2 likely result, no traffic go trogh, or worse no encryption between the relays
[Arkhangel] lol
[n1ck1] I’m going to print this
[Mink] if you don’t like the 3 “hops” of a standard TOR connection, you can ofcourse increase it
[forceMajeure] the problem with using tor to browse is that 99 out of 100 people will deanonymize themselves by accident without ever realizing it. User error
[Arkhangel] n1ck1 this lesson will be printed later
[Arkhangel] n1ck1 u can access it on the site of cg
[B[U]G] you can use a gateway into your vm as whonix , then use a vpn on you local machine host , and reuse tor setting of your vm gateway
[Mink] ok, now, to cover my ass
[n1ck1] ok thanks Arkhangel
[Mink] WARNING: BEFORE YOU ACCESS THESE LINKS YOU SHOULD UNDERSTAND THAT SOME CONTENT PROVIDED ON THESE DEEP WEB LINKS MIGHT BE DISTURBING, UNPLEASANT OR FRAUDULENT.
[Mink] VISIT THEM AT YOUR OWN RISK.
[Arkhangel] forceMajeure how an user can realize it?
[n1ck1] ok….send please
[Mink] you can see from the list at the bottom of the pad
[Mink] there is a bit of everything
[Mink] email services, blogs, forums, chats
[forceMajeure] lets say you visit your own website, log into ANY account associated with your real identity, attack a cpu of someone you know, just little things
[Arkhangel] forceMajeure and what are the user errors that bring the user to be deanonymized?
[Aeolus] use tor to log to FB
[forceMajeure] look up
[Mink] of course all end in .onion, and using a normal browser won’t work
[Aeolus] something stupid like that
[Arkhangel] forceMajeure ah ok… this should answer to my second question
[forceMajeure] turn on js to access a site, etc.
[Arkhangel] ty
[Arkhangel] forceMajeure why if I use js to access a site, I m not anon anymore? js stores my real IP over TOR?
[Mink] remember, and this is for clearnet aswell, your browser is the single most dangerous point of failure
[forceMajeure] if the site is compromised, someone can use something like burp to insert a malicios js
[forceMajeure] they did it at defcon years ago
[forceMajeure] you should always be using noscript
[Mink] ok, questions, and please let me answer first before giving your opinion
* Aeolus agrees with Mink
[Arkhangel] forceMajeure so if I am on TOR network, if I go on a onion malicious website and I click where I have to not click, this malicious js can decrypt the routing information to get my real IP?
[Mink] yes Arkhangel
[Arkhangel] lol
[forceMajeure] ))
[n1ck1] Is it set by default to accept or reject scripts?
[Arkhangel] sorry but, at this point
[n1ck1] TOR Browser
* Aeolus thinks we all tell shit and not let Mink who knows educate us
[Arkhangel] why didnt they do a strong encryption?
[Arkhangel] that cannot be decrypted?
[Arkhangel] like
[Mink] even worse, it can inject code into your browser, activate your webcam and mic, take screen shots and much more, no kidding
[forceMajeure] true story
[Arkhangel] not inverse hash algorithms
[Arkhangel] not invertible*
[Mink] nothing to do with encryption, JS runs on your computer, not the server
[Arkhangel] Mink if I click on a js hosted on an onion website, it runs on my pc?
[B[U]G] depends
[B[U]G] you can
[Mink] not only .onion
[B[U]G] disable flash/javascript
[Aeolus] js runs client-side
[B[U]G] and disable WebRTC leak
[B[U]G] on you browser settings
[Arkhangel] good to know XD
[Arkhangel] y
[Arkhangel] I have other different questions
[Mink] ok
[Arkhangel] the onion websites store the (false) IP of each user accessing to it?
[Mink] no
[m00trix] Let’s just agree on that TOR is great. If used out of the “box” the TOR Browser will in most cases keep you safe. If you decide to disable or allow sites through the build in TOR Browser plugins, you are taking a risk that not even TOR, nor any other level of anon tools can protect you from.
[RedAcor] For webrtc settings: https://www.privacytools.io/#webrtc
[Chanlog] Title: Privacy Tools – Encryption Against Global Mass Surveillance (at www.privacytools.io)
[B[U]G] or simply edit your about:config asd
[Arkhangel] Mink, if today TOR gives me a certain IP address, tomorrow or after a month, another user of another part of the world can be assigned to that same IP?
[B[U]G] to http.refer and media.peer connection
[m00trix] Arkhangel, yes that is the hole point…
[Mink] the TOR network will not need your IP address, the danger of that comes from javascript/ajax/bad code
[B[U]G] how all – all store a log , depends if the owner delete it
[Arkhangel] m00trix why “hole point”?
[m00trix] yea
[m00trix] if 200 users on that exit node
[m00trix] with the same “ip”
[B[U]G] but the node change every time
[m00trix] you get plausible deniability
[Arkhangel] is it a problem if an IP assigned by TOR is used in the future by another user?
[m00trix] no
[m00trix] its a bonus
[Arkhangel] ah ok xD
[Mink] again, TOR will not give you an IP address, but an “identity”
[m00trix] yea Mink
[Arkhangel] Ok Mink so that “IP” address does not work on IP protocol?
[m00trix] I think he means when using the browser, it tells the exit nodes ip
[m00trix] 🙂
[Arkhangel] yes, in practice
[l0t3D_] okay so if i have scripts disabled globally but lets say i enable it only on youtube to play a video
[n1ck1] how many connections can a node make with the same IP
[Mink] yes Arkhangel , TOR architecture does not use the same IP ]DNS as normal internet
[m00trix] that IP is your source proxy IP when browsing trough the TOR browser
[m00trix] or using any service to proxy through it
[n1ck1] and how many users can be on the node at the same time?
[l0t3D_] could another malicious website use that youtube tab to attack me?
[Mink] when a new .onion site is created it doesn’t get a IP address, but a .omnion address
[n1ck1] sorry…. my mistake
[n1ck1] but a node can handle how many requests?
[n1ck1] and perform how many for another node?
[B[U]G] all it’s possible this it happens if youtube link it’s embedded in page builded ad hoc
[m00trix] Mink, still, when you use the TOR Browser, it will tell you what the exit nodes IP is when you start it. That exit node IP is also the source of the browser requests you make and the source of any program you proxy trough it
[Arkhangel] Mink in practice you are saying that, unlike normal internet where a service like a website is on the 3rd level (IP level ISO/OSI), the onion network is completely on the 7th level (application level) of the
[Mink] ok, to spend those few minutes: TOR isn’t the only darknet network
[Arkhangel] ISO/OSI?
[m00trix] okay stop
[l0t3D_] if it’s a normal youtube link i opened myself B[U]G?
[Mink] wot?
[B[U]G] depends if in source
[B[U]G] a function
[B[U]G] call
[m00trix] When you are using the TOR browser, to go on midgetporn.org or whatever. Midgetporn.org will see your source IP as the exit nodes public IP
[B[U]G] a malicious “file”
[B[U]G] or host
[m00trix] simple as that
[Aeolus] guys thanks for today info. i suppose logs will be up later so i can read again, got to go.
[Aeolus] good work Mink thx 🙂
[Mink] you welcome Aeolus
[Arkhangel] in practice m00trix your machine is overlapped on the exit node
[l0t3D_] but if there is nothing in this source but there is a malicious “file” in another tab i have opened in the same time but I have no scripts enabled?
[m00trix] fire up the TOR browser, and press the “test tor…” thingy
[forceMajeure] Is it possible for tor to assign you a new circuit while an existing connection is still established say through a python script ran through port 9050
[B[U]G] for example : [script src=”DownloadThisEvilCode.js”/] [iframe]youtube embedd[/iframe]
[Mink] Arkhangel, , you want to rephase your question?
[B[U]G] afk
[forceMajeure] thus severing the connection
[m00trix] any site that want’s to can see the visitors source IP – and with TOR browser, that source IP is the IP of the current exit node your are on.
[Arkhangel] Mink, about the https://en.wikipedia.org/wiki/OSI_model
[Chanlog] Title: OSI model – Wikipedia (at en.wikipedia.org)
[m00trix] really pretty simple
[m00trix] jesus
[Mink] yes forceMajeure , not only possible, but advisable, tor will change nodes randomly to add anonimity
[Mink] Arkhangel, i know the OSi model :/
[forceMajeure] but what happens to the connection that was established before the circuit changes
[Arkhangel] Mink, if the normal websites have associated IP
[forceMajeure] is it passed into the new connection
[Arkhangel] so the 3rd level of OSI model
[Arkhangel] the onion network, since it does not have IP, it is completely on the application level of OSI model?
[m00trix] no
[forceMajeure] I guess I could see what happens by sending newnym to 9051 I just thought of that
[Arkhangel] since it does not have IP ( i mean the onion websites)
[Mink] no Arkhangel
[m00trix] you need to not compare hosting an onion site with using the TOR browser
[Mink] lets’ amke it clear TOR and TORbrowser are 2 different things
[Arkhangel] y
[m00trix] I think Mink covered all the questions really good already
[Arkhangel] in the pad
[Mink] torbrowser connects to tor
[Arkhangel] it talks about the Freenet platform
[Mink] yes?
[Arkhangel] continue xD I was thinking u finished to answer my prev question xD
[Arkhangel] ok so torbroweser, application level, connects to TOR network
[Mink] yes, trough socks
[Arkhangel] socks is an application protocol?
[Mink] taht’s 5 i think
[Arkhangel] ah ok
[m00trix] Arkhangel, you need to unleash your mind from that OSI layer shit 😀
[Arkhangel] ahahahah
[Arkhangel] ok xD
[n1ck1] socks is a protocol right? the TOR Browser is the application?
[Arkhangel] y
[Mink] yes n1ck1 , but it’s easy to confuse “an application(like a program) and the “application layer” of the stack
[Mink] so yes
[Arkhangel] tell me when I can continue with another question
[m00trix] Arkhangel, if you fire up a VM with like parrotsec.org OS – It have a build in function that routes all traffic through TOR. There are other distros that does this as well. But any way, if you do that, you can look into how the traffic flows using the terminal – when all traffic is routed using TOR. Might give you more insight
[l0t3D_] i dont know if this is related to this lesson or not but what are Obfuscated servers?
[l0t3D_] or “obfs”
[Arkhangel] m00trix traceroute?
[forceMajeure] lsof -i -n -P
[m00trix] well for a start heh
[m00trix] and many more
[Arkhangel] ah ok
[m00trix] but it will show you the traffic flow
[Arkhangel] nice to know
[Mink] one thing i wanted to talk about, but we have no time, whonix
[Arkhangel] another doubt is: since ISP knows what I am visiting as website, if I access to an onion website, my ISP can know it?
[vivek] m00trix: you can achieve the same with almost any distro
[m00trix] and if there are like 200 others using the same exit node that you are on, for that current TOR connection – it’s all good.
[m00trix] vivek, I know
[Mink] the ISP will know you are using TOR, but not which sites you are visiting
[Arkhangel] Mink the ISP cannot know the onion address?
[m00trix] no
[vivek] Parrot one is highly unstable and my exp. Was not very good
[m00trix] And if you combine TOR with an OpenVPN on port 443 then even less
[Arkhangel] Mink it because ISP can see destination IP but onion website are not based on IP scheme? this is the reason?
[Arkhangel] or one of the reasons
[m00trix] vivek, I only have a VM with it. But yes, it’s Debian aka unstable heh
[Mink] no Arkhangel , unless the ISp is running the last TOR exit node
[Arkhangel] normally, an ISP in the clearnet precisely what can see from me? Only the IP of website that I am visiting?
[m00trix] Arkhangel, your ISP cant see what sites your are browsing trough TOR
[l0t3D_] [l0t3D_] i dont know if this is related to this lesson or not but what are Obfuscated servers?
[l0t3D_] [l0t3D_] or “obfs”
[m00trix] all your DNS lookups and what you are doing
[m00trix] if you use the ISP’s dns servers
[Mink] in clearnet, your IS know your favourite pornhub page
[Arkhangel] guys so the ISP can read only the DNS lookup table inside the router?
[m00trix] they can see all, but not https login data
[l0t3D_] lol
[Arkhangel] ah ok
[Mink] sorry l0t3D_ , obfuscated are another kinfd of “relay nodes” to help tranport info
[m00trix] Arkhangel, if you use the DNS servers provided by the ISP you have. They can see what sites you visit, the IP of the sites, what traffic you generate, they can see close to anything
[l0t3D_] obfuscated servers are used to access vpn or tor in some places like the great firewall of china?
[Arkhangel] cannot I change the DNS server where I want to go?
[Mink] yes l0t3D_ , and Iran and N korea
[l0t3D_] well i think ill be up on that list soon too
[Arkhangel] provided by other companies?
[m00trix] If you change the DNS servers on your router to some that does not log and are not your ISP’s. They loose the ability to view your DNS req
[l0t3D_] thath’s the only way i can access tor or vpn
[m00trix] next step is then, VPN and TOR
[Arkhangel] m00trix so you mean that then internet in my location does not work lol
[l0t3D_] makes the connection very f’in slow tho
[m00trix] I would advice any one to NOT use the default ISP provided DNS servers as a pure basic step
[m00trix] should be the first step you do on the router
[Mink] l0t3D_, remember for help with anonimity and privacy you can always ask in #opnewblood, we will be happy to help with that
[Arkhangel] m00trix how can we do this?
[m00trix] set WAN DNS to manual and find some good non logging DNS
[Arkhangel] do u know some non logging DNS?
[m00trix] Arkhangel, depends on what router you have
[m00trix] sure
[l0t3D_] thanks Mink
[m00trix] Also you will get arround of most censorship
[m00trix] by stat step alone
[Arkhangel] can you list some of them here?
[m00trix] gov dns blocks
[m00trix] I switch it up
[m00trix] but run
[m00trix] https://blog.uncensoreddns.org/
[l0t3D_] should i call them and ask them nicely to change my DNS? 🙂
[m00trix] some places
[Arkhangel] ty
[m00trix] just login to your router
[m00trix] and change it
[m00trix] if in doubt give me a priv
[Arkhangel] ty very much
[l0t3D_] WAN settings right?
[m00trix] yea
[m00trix] and then
[m00trix] set DNS do manual
[m00trix] not the IP 😀
[m00trix] only dns
[Arkhangel] another question: the pad talks about the freenet platform… is it a software to be installed on my computer?
[Mink] yes Arkhangel
[m00trix] l0t3D_, priv me if you need help
[Arkhangel] what is the difference between freenet platform sw and tor bundle sw?
[m00trix] If I run with my basic ISP DNS servers sites like http://1337x.to/ are blocked 🙂 a torrent site. Gov block
[Chanlog] Title: Torrent Search Engine | 1337x.to (at 1337x.to)
[n1ck1] if I change my DNS the VOIP stops working in my house
[Arkhangel] or better: if torbrowser allows me to access to the tor network, freenet and other shown platforms on pad, what do they allow me to do?
[m00trix] wut n1ck1?
[m00trix] makes no sence
[n1ck1] my ISP has a separate physical VOIP phone but connected by cable to the router
[n1ck1] minha mae é velha e não sabe usar muitas tecnologias e o telefone é similar ao antigo porém funciona como VOIP
[n1ck1] sorry
[n1ck1] my mother is old and does not know how to use many technologies and the phone is similar to the old one but it works like VOIP
[n1ck1] if I switch to any other, VOIP does not work, it has been months of technical visits, tests, and unsolvable configurations.
[RedAcor] Set DNS on your network manager.
[RedAcor] So that will not affect your router.
[RedAcor] Also you can use unbound on your system.
[RedAcor] You can check lesson 4 logs for that.
[m00trix] yes
[m00trix] thx to Mink for a great course 🙂
[RedAcor] There many different and hybrid solutions.
[RedAcor] Anyways. Mink Thanks for delicious lesson. 🙂
[Arkhangel] guys is better vpn tor vpn tor or tor vpn tor?
[Arkhangel] is better starting with vpn or tor?
[n1ck1] YES
[n1ck1] This worked …. It’s simple but I had not thought of it.
[RedAcor] Arkhangel Tor VPN Tor
[Arkhangel] why starting with tor RedAcor?
[RedAcor] Some people use VPN ] VPN ] Tor also
[RedAcor] Because it is secure than VPN. jijiji
[n1ck1] tails pendrive, VPN, TOR, break everything later and throw it in the trash lol
[Arkhangel] instead, when I connect to tor network, when I reach the exit node, the IP of my computer is in clear there?
[RedAcor] If i talk about last bug of TOR: Nah.
[l0t3D_] 2 tor?
[m00trix] Arkhangel, really depends what you are doing also 🙂
[l0t3D_] [RedAcor] Arkhangel Tor VPN Tor
[n1ck1] RedAcor thanks for the DNS tip
[RedAcor] But they fixed that issue.
[RedAcor] n1ck1 You’re welcome.
[Arkhangel] to discover some user, agency like NSA what look for?
[Arkhangel] they use only their exit node and check for all users that go in, or they can know information also about exit node that are not theirs?
[m00trix] hard to say
[m00trix] you need to stop overthinking it
[Arkhangel] im afraid to forget these questions and these doubts xD
[m00trix] I get that bro. But I can’t answer you how the FEDS, CIA or NSA track people on TOR 🙂
[m00trix] or if they even can and with what success
[Arkhangel] dont worry. I have a last question: why tor works on SOCKS and not HTTP/HTTPS protocol?
[m00trix] Arkhangel, per design I think
[Arkhangel] in the network settings, for HTTP/HTTPS I cannot use the 9050 or 9150 port to use TOR, right?
[m00trix] network settings for what?
[m00trix] program
[Arkhangel] for example if you want to use a proxy on the system of the operating system
[m00trix] what OS Arkhangel
[m00trix] You want to route all traffic out through TOR
[Arkhangel] windows or linux-based
[Arkhangel] y
[Arkhangel] in that case for HTTP/HTTPS I cannot use port 9150
[Arkhangel] right?
[Aspire] i have to go bye all and thanks for the lesson
[Arkhangel] since SOCKS and HTTP/HTTPS talk different “languages”
[m00trix] Arkhangel, are you trying to run another browser through TOR?
[m00trix] what are you trying to do, that would help heh
[Arkhangel] no
[Arkhangel] I want to use just the normal browser with no opening torbrowser
[Arkhangel] but where I can surf on tor
[m00trix] you have to have the TOR Browser running to proxy the traffic
[m00trix] unless you run a plain tor from a terminal
[Arkhangel] exactly
[Arkhangel] on windows I should run tor browser
[m00trix] and there is a reason for why the TOR browser is at is is. And have the plugins it have
[m00trix] to protect you
[m00trix] you can do what you are trying to do, but even TOR warns against it
[Arkhangel] i know that torbrowser is better for that, but just for information, if I start torbrowser and I enable a proxy that route the data to the tor network by a normal browser, it is not a connection tor over tor right?
[m00trix] when you start the TOR browser, you can tell most programs yo use 127.0.0.1:9150 as a proxy and it will proxy over TOR
[m00trix] but on Windows, the TOR Browser needs to be running
[Arkhangel] exactly, so it is simple one tor connection, is not tor over tor, right?
[Arkhangel] in case of windows I mean
[m00trix] tor over tor?
[Arkhangel] y, since it s not a good idea running tor over tor, I would like to know if, on windows, open torbrowser and proxying the other programs to 127.0.0.1:9150 is not a tor over tor
[l0t3D_] alright thanks all for the lesson i need to go
[l0t3D_] bye
[n1ck1] no
[n1ck1] not is
[Arkhangel] ok ty
[Arkhangel] Im so sorry I forced everyone to run away
[n1ck1] you only configure that program to use this network
[n1ck1] ahsuhahsauhsauhusa
[Arkhangel] ahaha
[n1ck1] but use linux
[n1ck1] windows sucks
[Arkhangel] I use Linux, but I need to have all possible information
[n1ck1] try ubunto first, it is easy
[n1ck1] yes
[n1ck1] this is right
[Arkhangel] culture is power
[n1ck1] y
[n1ck1] tks all

Online Tutorial: Building & Selecting Safer Web Browsers

As I was going about re-configuring my website and domains earlier this week I noticed something very interesting, while my SSL Certificate was in the process of being authenticated I was able to access my unsecured website on every web browser except for one; Mozilla Firefox – which would not allow me to connect to the web page in order to keep me protected.

Just so you understand what I am talking about here, browsers like Microsoft Edge, Google Chrome and Apple Safari will all freely allow you to access a web page which has the potential to compromise your security – including websites which do not have an authenticated or verified SSL Certificates. This is because these web browsers are configured to be “convenient” and easy to use, security is either nonexistent or an afterthought on these particular browsers. With that said, there are a number of web browsers out there specifically designed around security, which also happen to be equally as easy to use/operate. Here are some of those browsers, along with some other helpful information to help you make more informed security choices online in the future.

Mozilla Firefox

Mozilla Firefox is considered by some to be the world’s most secure web browser. I say “some” specifically because many people would argue that Tor is actually the most secure browser out there. However, without Mozilla Firefox the Tor browser wouldn’t even exist. This is because Tor uses the source code of Firefox as the foundation to build their browser. As for why I personally consider Firefox more secure than Tor, this is because the DarkNet is inherently a much more dangerous place than the ClearNet, and you can’t access the DarkNet or Deep Web on Mozilla Firefox alone. Browsing through and interacting with the Deep Web, even while using Tor, naturally puts you and your security at a much higher risk.

What makes Firefox particularly unique is that much like WordPress.com, the browser allows you to install various Add-Ons, extensions or plugins that can help you maximize your security. For the purposes of this article, if you are going to use Mozilla Firefox, I highly recommend that you install NoScript, HTTPS Everywhere, Ad Blocker Ultimate and Disable WebRTC connections. There are more plugins than I could possibly mention here, those are just some of the most important ones you can install specifically in terms of online security.

WebRTC is a little talked about “glitch” that allows third parties to circumvent your security and compromise your systems, even when you are using a VPN or Proxy service. As of today, Mozilla is the only web platform I am aware of that allows you to disable all WebRTC connections entirely. By comparison, other browsers like Google Chrome literally ban people from disabling WebRTC connections through their browser, as to allow US “authorities” like the NSA and FBI to more easily hack and track users online if need be. However, non-Government hackers exploit WebRTC all the same as Federal hackers, and for all the same reasons.

Download Firefox Here: https://www.mozilla.org/en-US/firefox/download/

Tor

I understand that the Tor Browser has gone on to develop a slightly negative reputation in today’s society but, believe it or not, the Tor Project was first developed by and still receives a majority of its funding from the United States Department of Defense. It is important to understand that even though some people use Tor to do some pretty bad or illegal things, just like anything else in life, the browser is only what you make of it.

Tor was not developed for criminals, it was first developed by the US Government in order to keep agents, operatives and members of the Armed Forces safe and secure online. It just so happens that over time the browser and its systems were hijacked by criminals and terrorists alike, whom also need to remain hidden and secure online for many of the same reasons as Government employees.

The Tor browser works by bouncing your internet connection through thousands of individual “proxy servers” around the world on a perpetual randomized time loop. At any given moment in time your internet connection could be bouncing from Thailand to Venezuela to Canada and theoretically anywhere in between, concealing your computers identity and making your internet activity essentially impossible to trace. In addition to redirecting your internet traffic away from the eyes of your Internet Service Provider, it also conceals the IP Address of the computer you are using behind a proxy. This is particularly important/valuable for political activists and human rights defenders living in oppressive countries all around there world, where peoples online activity can get them arrested or killed. Since the browser directs all of you online activity to different countries around the world, this allows activists to remain hidden from their Governments while also granting them access to any sites banned or restricted by their respective Governments.

It is important to note that Tor is perhaps the best web browser at preventing or deflecting an active hacking attempt against your computer. However, I would never use Tor for things like credit card transactions or editing/customizing your personal website. This is because anytime you are using a proxy you are using someone else’s connection. While this may hide your internet activity from 3rd parties, it makes you internet activity available specifically to the owner of whatever proxy server you happen to be using at that time, and not every proxy server exists with honorable intentions – though “most” Tor exit node operators tend to be trusted activists.

Download Tor Here: https://www.torproject.org/download/download-easy.html.en

Opera

Opera is a little known web browser that has traditionally had a minuscule following throughout the past. However, in 2016, Opera started to gain a more main stream following, particularly with the cyber security community, after the browser started to become standard with a built in VPN. This means that the Opera browser stands in front of your computers IP Address while you browse the internet and your activity will remain hidden from your Internet Service Provider and/or 3rd parties. While the VPN is far from the strongest of safest on the market, it is still a very unique feature that has helped the browser grow in popularity over the years.

Download Opera Here: http://www.opera.com/

Epic Privacy Browser

One of the newer browsers on the market, Epic is specifically designed around online security. Each time you close the browser all of your cookies and tracking information is automatically deleted, preventing any websites from remembering or recording your previous activity. Similar to Opera, the Epic Privacy Browser also connects your computer through the companies own servers, acting as a proxy service for your device. This prevents any hackers/websites from recording the IP Address of the device you are using to browse the internet. Additionally, much like Mozilla, the browser will not allow you to connect with or access any site that does not have a recognized SSL Certificate.

Download Epic Here: https://www.epicbrowser.com/

Browser History, Cache & Cookie Management

If someone gains access to your computer for malicious reasons one of the first things they are going to want to do is check your browser history to gain access to websites and accounts that you frequent the most. Just think for a moment about all the pages you visit online, that you do not need to log into every time you visit. While this may be convenient for your personal browsing habits, it is also very convenient for hackers.

For this reason, you should always delete your browser history and clear all browser cookies on a fairly regular basis. You would be surprised to know how much information your browser stores/remembers about you, until you delete it all. Please note that some browsers offer to delete cache and cookies through the settings menu and some anti-virus programs also offer to do the same. However, if you cannot find or do not own these programs, one of the best programs to clear history, cookies, cache and everything else is known as CCleaner and it is completely free and open source for anyone to own. The “C” in CCleaner literally stands for “Crap,” because the program deletes all of the useless crap your computer happens to store about you. The program itself is entirely free to own, but it is one of the most effective programs on the market. For example, even multi-billion dollar tech companies are known to use the program on a regular basis.

Download CCleaner Here: www.ccleaner.com/download

International Internet Censorship Care Package

For those of you who might be unaware, last month Egyptian voters allegedly passed new Constitutional Amendments that will allow Egyptian President Adbel Fattah al-Sisi to remain in power, unchecked, until at least 2030 – when the next round of national elections will take place. However, what has largely gone under reported is the fact that those same constitutional amendments also allow al-Sisi to block Egyptian based Internet Service Providers (ISP’s) from allowing access to over 34,000 websites – adding to countless other cyber/internet crackdowns enacted by the President over recent years.

Learn More – NetBlock Report of Egyptian Internet Censorship May 2019: https://netblocks.org/reports/egypt-filters-34000-domains-in-bid-to-block-opposition-campaign-platform-7eA1blBp

In response to these new amendments, and in addition to several other crackdowns against internet freedoms and freedoms of the press/information in and around Egypt, I’ve decided to release an internet based “Care Package” to the people of Egypt to better help them learn how to circumvent internet restrictions imposed by their President. Please share.

Egyptian Care Package Links/Tutorials:

Download Tor Browser: https://www.torproject.org/download/

Building & Selecting Safer Web Browsers: https://roguesecuritylabs.ltd/building-selecting-safer-web-browsers

Download Spybot Anti-Beacon: https://www.techspot.com/downloads/6747-spybot-anti-beacon.html

Top Free & Paid VPN Service Providers: https://www.cnet.com/best-vpn-services-directory/

16 Factors To Consider When Selecting A VPN Service Provider: https://roguesecuritylabs.ltd/criteria-to-consider-when-purchasing-a-vpn/

How & Why To Re-Route DNS Through Your Computer and/or Phone: https://roguesecuritylabs.ltd/how-why-to-re-route-dns-through-your-computer-and-or-phone/

CgAn Internet Censorship Care Package: https://www.cyberguerrilla.org/blog/anti-censorship-carepackage/

Encrypted Chatrooms & VoIP Apps: https://roguesecuritylabs.ltd/encrypted-chatrooms-voip-apps

Making The Switch To Encrypted Emails: https://roguesecuritylabs.ltd/making-the-switch-to-encrypted-emails/

Download ProtonVPN – Endorsed by Amnesty International: https://protonvpn.com/

Phone Security: https://roguesecuritylabs.ltd/phone-security

Operation Security by UnknownPress: https://iamanonymous.com/dont-be-burnt-toast-unknown-guide-to-operation-security/

How To Keep An Anonymous Identity Online: https://anonhq.com/anonymous-security-guide-2-0/

DDoSecrets Publishes “The Dark Side of The Kremlin,” Over 254 GB of Leaks Stolen from Kremlin Servers

One of the most common/re-occurring questions I keep getting asked from people is why doesn’t Russia get hacked like the rest of the world? How come we never hear of any hacks or leaks coming out of Russia like we do other countries? Well, the answer is rather simple – kind of.

First off is because Russia has much harder/stricter internet controls and/or regulations in place than most Western countries, especially the United States, and it is therefore much harder for outside countries to get into Russian network infrastructure than it is for Russia to get into theirs. For example, Russians can freely advertise here in the United States, essentially unrestricted, but it is almost impossible for me to reach Russian citizens with an advertisement from here in the US – at least it would cost me astronomically more to do so. Second is because, starting in 2016, the Russian Government abandoned Microsoft products, including Windows, essentially switching over to their own prototypes, literally running software, Operating Systems and machines that no one else in the world has or has even seen for that matter. Thirdly is the fact that if you ever get caught leaking sensitive material in Russia, about Russia, forget going to trial, you are probably just going to wind up being shot in the head and/or assassinated – something which is usually not the case in Western democracies, Jamal Khashoggi not withstanding.

Learn More | Russia’s Parliament Puts Forth New Initiative To Create Backup Infrastructure To Global World-Wide-Web: https://roguemedia.co/2018/12/16/russia-aims-to-create-backup-to-the-world-wide-web-create-its-own-national-internet-infrastructure/

With that established however, it doesn’t necessarily mean that Russia’s systems are infallible either. For example, last Friday, January 25th 2019, a new publishing outlet formed in December 2018 going by the name of DDoSecrets published a new series of leaks entitled “The Dark Side of The Kremlin” – two massive data dumps comprising of greater than 258 Gigabytes of data stolen from various servers belonging to the Russian Government (Kremlin).

As was explained by DDoSecret co-founder Emma Best in an article with The Daily Beast, the first international news outlet to cover the leaks, the information stolen from Kremlin servers includes “stuff from politicians, journalists, bankers, folks in oligarch and religious circles, nationalists, separatists, terrorists operating in Ukraine.” They also contain “hundreds of thousands of emails, Skype and Facebook messages, along with lots of docs.

As was also explained by reporters at The Daily Beast, DDoSecrets has managed to compile “more than 200,000 emails into a spreadsheet for ease of searching.” Adding that “in all, its cache now contains 61 different leaks totaling 175 gigabytes, dwarfing, by quantity at least, Russia’s leaks against the Democratic National Committee and Hillary Clinton campaign.” The collection also “includes files from Alexander Budberg, a Russian columnist married to Dmitry Medvedev’s press secretary; Kirill Frolov, vice-director of the Kremlin-backed Institute for CIS Countries; and Vladislav Surkov, a top aide to Vladimir Putin who was hacked by CyberHunta in October 2016,” in addition to much more. You are invited to learn more by browsing through the leaks/links provided below.

For those of you whom are unfamiliar how to navigate the DarkNet, the location where these files/archives were originally stored, member of Anonymous have done their best to backup and reload the torrent files via the ClearNet and AnonFiles.com so that anyone/everyone in the world can have access to the content. Over the course of the last week there has also been 3 leaks tied to the Kremlin and/or Russian-based email domains. Though there is not telling how old/antiquated the information may be, they consists of over 3,300 emails along with their login passwords – over 3,000 of which allegedly belonging to various members of the Russian Government/Legislature.

You can search all files and emails from all 5 of the leaks below. If you need to download Tor first, you can find a download link here: https://www.torproject.org/download/download.html

Original Publication (DarkNet): http://ddosecretspzwfy7.onion.to/data/asia/#russia

Search Through Entire Kremlin Email Archive: https://search.bivol.bg/kremlin/

File Download 1 (Darknet): http://ddosecretspzwfy7.onion.to/DarkSideoftheKremlin.torrent
File Download 1 (ClearNet): https://anonfile.com/CaPcYdrfbe/DarkSideoftheKremlin_torrent
File Download 1 Backup:
https://anonfile.com/PfVcZfrcbd/DarkSideoftheKremlin_torrent

File Download 2 (DarkNet): http://ddosecretspzwfy7.onion.to/DarkSideoftheKremlin.csv.torrent
File Download 2 (ClearNet): https://anonfile.com/0aP2Y5r7b6/DarkSideoftheKremlin.csv_torrent
File Download 2 Backup:
https://anonfile.com/UdU3Z5r1b5/DarkSideoftheKremlin_torrent

Additional Russian Email – Password Dumps:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/01/Russia_Email_Leak_List.pdf”]

 

Building/Selecting Safer Web Browsers

As I was going about re-configuring my website and domains earlier this week I noticed something very interesting, while my SSL Certificate was in the process of being authenticated I was able to access my unsecured website on every web browser except for one; Mozilla Firefox – which would not allow me to connect to the web page in order to keep me protected.

Just so you understand what I am talking about here, browsers like Microsoft Edge, Google Chrome and Apple Safari will all freely allow you to access a web page which has the potential to compromise your security – including websites which do not have an authenticated or verified SSL Certificates. This is because these web browsers are configured to be “convenient” and easy to use, security is either nonexistent or an afterthought on these particular browsers. With that said, there are a number of web browsers out there specifically designed around security, which also happen to be equally as easy to use/operate. Here are some of those browsers, along with some other helpful information to help you make more informed security choices online in the future.

Mozilla Firefox

Mozilla Firefox is considered by some to be the world’s most secure web browser. I say “some” specifically because many people would argue that Tor is actually the most secure browser out there. However, without Mozilla Firefox the Tor browser wouldn’t even exist. This is because Tor uses the source code of Firefox as the foundation to build their browser. As for why I personally consider Firefox more secure than Tor, this is because the DarkNet is inherently a much more dangerous place than the ClearNet, and you can’t access the DarkNet or Deep Web on Mozilla Firefox alone. Browsing through and interacting with the Deep Web, even while using Tor, naturally puts you and your security at a much higher risk.

What makes Firefox particularly unique is that much like WordPress.com, the browser allows you to install various Add-Ons, extensions or plugins that can help you maximize your security. For the purposes of this article, if you are going to use Mozilla Firefox, I highly recommend that you install NoScript, Ad Blocker Ultimate and Disable WebRTC connections. There are more plugins than I could possibly mention here, those are just some of the most important ones you can install specifically in terms of online security.

WebRTC is a little talked about “glitch” that allows third parties to circumvent your security and compromise your systems, even when you are using a VPN or Proxy service. As of today, Mozilla is the only web platform I am aware of that allows you to disable all WebRTC connections entirely. By comparison, other browsers like Google Chrome literally ban people from disabling WebRTC connections through their browser, as to allow US “authorities” like the NSA and FBI to more easily hack and track users online if need be. However, non-Government hackers exploit WebRTC all the same as Federal hackers, and for all the same reasons.

Download Firefox Here: https://www.mozilla.org/en-US/firefox/download/

Tor

I understand that the Tor Browser has gone on to develop a slightly negative reputation in today’s society but, believe it or not, the Tor Project was first developed by and still receives a majority of its funding from the United States Department of Defense. It is important to understand that even though some people use Tor to do some pretty bad or illegal things, just like anything else in life, the browser is only what you make of it.

Tor was not developed for criminals, it was first developed by the US Government in order to keep agents, operatives and members of the Armed Forces safe and secure online. It just so happens that over time the browser and its systems were hijacked by criminals and terrorists alike, whom also need to remain hidden and secure online for many of the same reasons as Government employees.

The Tor browser works by bouncing your internet connection through thousands of individual “proxy servers” around the world on a perpetual randomized time loop. At any given moment in time your internet connection could be bouncing from Thailand to Venezuela to Canada and theoretically anywhere in between, concealing your computers identity and making your internet activity essentially impossible to trace. In addition to redirecting your internet traffic away from the eyes of your Internet Service Provider, it also conceals the IP Address of the computer you are using behind a proxy. This is particularly important/valuable for political activists and human rights defenders living in oppressive countries all around there world, where peoples online activity can get them arrested or killed. Since the browser directs all of you online activity to different countries around the world, this allows activists to remain hidden from their Governments while also granting them access to any sites banned or restricted by their respective Governments.

It is important to note that Tor is perhaps the best web browser at preventing or deflecting an active hacking attempt against your computer. However, I would never use Tor for things like credit card transactions or editing/customizing your personal website. This is because anytime you are using a proxy you are using someone else’s connection. While this may hide your internet activity from 3rd parties, it makes you internet activity available specifically to the owner of whatever proxy server you happen to be using at that time, and not every proxy server exists with honorable intentions – though “most” Tor exit node operators tend to be trusted activists.

Download Tor Here: https://www.torproject.org/download/download-easy.html.en

Opera

Opera is a little known web browser that has traditionally had a minuscule following throughout the past. However, in 2016, Opera started to gain a more main stream following, particularly with the cyber security community, after the browser started to become standard with a built in VPN. This means that the Opera browser stands in front of your computers IP Address while you browse the internet and your activity will remain hidden from your Internet Service Provider and/or 3rd parties. While the VPN is far from the strongest of safest on the market, it is still a very unique feature that has helped the browser grow in popularity over the years.

Download Opera Here: http://www.opera.com/

Epic Privacy Browser

One of the newer browsers on the market, Epic is specifically designed around online security. Each time you close the browser all of your cookies and tracking information is automatically deleted, preventing any websites from remembering or recording your previous activity. Similar to Opera, the Epic Privacy Browser also connects your computer through the companies own servers, acting as a proxy service for your device. This prevents any hackers/websites from recording the IP Address of the device you are using to browse the internet. Additionally, much like Mozilla, the browser will not allow you to connect with or access any site that does not have a recognized SSL Certificate.

Download Epic Here: https://www.epicbrowser.com/

Browser History, Cache & Cookie Management

If someone gains access to your computer for malicious reasons one of the first things they are going to want to do is check your browser history to gain access to websites and accounts that you frequent the most. Just think for a moment about all the pages you visit online, that you do not need to log into every time you visit. While this may be convenient for your personal browsing habits, it is also very convenient for hackers.

For this reason, you should always delete your browser history and clear all browser cookies on a fairly regular basis. You would be surprised to know how much information your browser stores/remembers about you, until you delete it all. Please note that some browsers offer to delete cache and cookies through the settings menu and some anti-virus programs also offer to do the same. However, if you cannot find or do not own these programs, one of the best programs to clear history, cookies, cache and everything else is known as CCleaner and it is completely free and open source for anyone to own. The “C” in CCleaner literally stands for “Crap,” because the program deletes all of the useless crap you’re your computer happens to store about you. The program itself is entirely free to own, but it is one of the most effective programs on the market. For example, even multi-billion dollar tech companies are known to use the program on a regular basis.

Download CCleaner Here: www.ccleaner.com/download