Onion links and HTTP response dumps for most of the noteworthy Tor hidden services can be found at https://rnsaffn.com/zg4/ Beware, nothing is censored. It's all there, the drugs, the ransomware, the sex crime, the cryptocurrency scams, but also the good stuff that makes Tor great. If a worthwhile or provocative hidden service is missing from the scan, please submit it yourself.
How do you scan for hidden services? I thought that was impossible?
Anyway, please beware that there is a not-insignificant propability that opening random tor hidden addresses lead to thinks you don't want to see like gore and CSAM.
I've never torrented anything and have been wary that doing anything with the Tor project on my not-so-private computer just sends up a beacon asking me to be investigated. I don't do anything illegal or plan to, but being investigated alone is enough of a deterrent.
I suspect this is paranoia on my part, but I would be curious to hear thoughts from this crowd.
1. If you're threat model is surveillance state, are things like this helpful or harmful?
2. If you need a tool like this, what's the best way to obtain/install this anonymously?
> 1. If you're threat model is surveillance state, are things like this helpful or harmful?
Good question. I don't know the answer, but I've been operating on the assumption that Tor Browser gives you more privacy from commercial surveillance (e.g., our fellow HNers), but not from many state actors (e.g., US gov't).
I especially wouldn't encourage Tor Browser use by a member of a group being oppressed by a regime that has use of sophisticated surveillance technology. Tor use is very easily detected, and I would fear they would just be drawing attention to themself.
However, if you're not targeted (as a group, or individually), and your threat model is mainly that you don't want a hundred data brokers to know about your totally legal interest in the Tina Fey Matt Damon Fanfic Clubhouse site... then, sure, run Tor Browser. Just be sure to disclose that club membership if ever asked on the form when applying for DoD security clearance, and I'd guess they probably already know.
> 2. If you need a tool like this, what's the best way to obtain/install this anonymously?
Simply using it will flag it to the ISP as Tor traffic. So you could just download it using whatever ISP you will be using to run it, without revealing much more.
For better or worse, I don't expect to reasonably be able to hide from state actors that really want to track me down or see what I'm doing. They simply have too many tools, resources, and leverage on their side.
If my concern really is the state I wouldn't use the internet at all, or I would be exceedingly limited in where, how, and on what devices and networks I do anything online.
Tor can be useful for avoiding less well funded and militarized actors.
This kind of question: "what is your threat model" "if you need a tool like this" presumes.
I value things like this because my threat model is "go F yourself".
Not you, all the entities that do not want you or me to have privacy and agency.
It doesn't matter what their reasons are from merely being nosy for no real reason, all the way to govenments trying to become panopticons.
You don't need a justification. No one needs a justification. "why do you need" is an absolutely invalid question from the first syllable.
And, I apologize for this because it will be unkind, but, when you roll over because you fear attracting attention, all you do is displace that attention onto someone else. Someone else takes on double hassle to pay for your avoiding hassle.
It doesn't go away. The attention is there regardless, and either we all bear a tiny bit and it's harmless, or a few bear it all and it kills them.
And then, when the the thorns are cut down, you end up in a worse world because now their behavior is no longer checked by any resistance. The level of grief you decided was tolerable, is no longer the level they will inflict. It's short-sighted and counter-productive in the long term. It's the same as all other examples of appeasement. Giving the bully what they want never actually accomplishes what the bully promises.
I'm trying to ask something slightly different, I think. If I'm trying to have ultimate anonymity, I know that I can do things that actually expose myself. I don't want to be a giant beacon saying "I'M DOING SOMETHING SECRET".
I know almost nothing about Tor, but with radios, if you don't have the right setup and usage, encrypted traffic is easily detectable, just not as easily decrypted. So, if you are dumb, you'll broadcast *very loudly* your location, that you don't want people to know what you are doing, and other data. If I were using radios and wanted my communications to be untraceable, I would use some very specific measures and avoid others.
I'm more asking, in what cases is Tor helpful and in what cases are you worse off for using it? And I was trying to give a use-case that wasn't just advertisers.
To add another side of it: The more of us use it for everyday innociuous daily tasks and work, the stronger the network becomes for the cases where it matters. Adding noise to signal for adversaries and making "just block tor" a less obvious choice for operators.
In practice the main thing to watch out for is TLS-stripping attacks where malicious exit nodes will try to downgrade your connection to cleartext HTTP. This will give you a warning in the browser. Don't allow it but ctrl+shift+L in Tor Browser to retry a new connection on a hopefully better circuit.
In general I'd also say it's unsafe to use tor with unencrypted unauthenticated cleartext HTTP since it allows exit nodes to do all sorts of shenangigans undetected. Make sure it's https://(...) or http://(...).onion (.onion Hidden Services are authenticated by cryptographic key and terminate straight at the endpoint without an exit from the tor network over internet so aren't subject to that as long as you make sure the domain name is correct)
> I don't do anything illegal or plan to, but being investigated alone is enough of a deterrent
Unless you live in a fully authoritarian state, there shouldn't be a reason to be investigated for using Tor. Being put on a list is a different matter, but voicing your opinions online might also get you there. If not now, in a possible, not far away grim future.
Tor Browser is a great idea, and would be more usable on a daily basis if it'd block ads by default as well.
1. Maybe some of our Chinese peers can chime in. In such circumstances you need to take a step further and use bridges to connect to the Tor network to better circumvent restrictions. As far of deep packet inspection I'm not aware of the state of the art in China, and if it's possible to evade detection.
2. Download it from a public wifi with no cameras in sight?
> Being put on a list is a different matter, but voicing your opinions online might also get you there.
With modern data collection and “AI” tools that use correlation to give you a risk score, even having similar characteristics or interests of targeted people is probably enough to get you on a list, even if you attempt to have “good” behavior at all times. Reducing identifiable data might actually avoid some lists even if it puts you on others.
(Besides, the number of people on one “list” or another is already so out of control that I imagine they are becoming useless. Join us, make the lists just a little more unmanageable.)
> If you're threat model is surveillance state, are things like this helpful or harmful?
I think the more vicious oppressive states will give you deep trouble if they simply catch you with this software. But if you're looking to simply obscure traffic from your internet provider or some other malcontent platform, Tor will work.
> If you need a tool like this, what's the best way to obtain/install this anonymously?
Hehe, if you need to hide your DNS query to the Tor project or traffic directly to it, you are probably somewhere where simply possessing this software can get you in a lot of trouble. I wouldn't encourage you to do anything reckless.
Otherwise, just go to the site shamelessly and get it.
Tor is great at reducing tracking done by ad companies. I use Facebook and Reddit (a big chunk of my social media activity) exclusively over Tor.
Step 1, block all Facebook and Reddit domains and subdomains at the DNS level. This is not to prevent visiting the cleartext websites (I could just, you know, not visit them), it’s to block the Like buttons and Reddit share icons embedded in normal websites from tracking my browsing activity.
Step 2, bookmark the Reddit and Facebook onion sites in Tor Browser.
These are faster and more secure than visiting reddit.com and facebook.com in Tor Browser (hidden services require fewer hops and have no exit node), and since they’re official means of accessing their respective sites, you’re less likely to get treated as a bot or banned for suspicious activity.
How well does this work? Pretty well, if the ads I get are any indication. Facebook and Reddit ads used to be highly correlated to my general browsing activity. When I first started doing this, I would still log in without Tor occasionally, and instantly ads would start matching my browsing activity again. Now that I’ve used these sites exclusively over Tor for years, the ads are either entirely random or based solely on my activity within the respective sites (which is exactly what I want), or they expose a privacy leak from something other than IP address or cookies (for example, it’s clear from the ads I get that my bank sells my credit card purchase history to Facebook, which has made me more open to using cash).
As long as Tor Browser isn’t illegal or dangerous to possess in your jurisdiction, I highly recommend downloading it and using it for mainstream sites that provide onion services. I wish more sites would provide them!
> I've never torrented anything and have been wary that doing anything with the Tor project on my not-so-private computer just sends up a beacon asking me to be investigated. I don't do anything illegal or plan to, but being investigated alone is enough of a deterrent.
Tor is not illegal. Usage of Tor is not illegal. If you have such fears you are either unreasonably paranoid in this regard or you are correct in your fears and you are already living in a totalitarian surveillance state that uses fear and intimidation to deny you your rights and freedoms.
I live in Germany and torrent all day (with a VPN), use tor all day and shitpost on the internet as much as time permits. I will not yield in that regard and neither should you.
> 1. If you're threat model is surveillance state, are things like this helpful or harmful?
It depends. The most useful usage for tor is to work around blocks and nation state firewalls. My traffic almost universally exits in Germany or the Netherlands where you can access any website you want from. If you life in china you might not be able to visit all the sites you want, i.e. https://en.wikipedia.org/wiki/1989_Tiananmen_Square_protests...
> 2. If you need a tool like this, what's the best way to obtain/install this anonymously?
Depends: Do you have access to some form of internet connection thats not directly linked to your identity? Because downloading and using tor from your home connection if you are worried about "sending a beacon" really is pointless. A public wifi is propably the easiest way to get it.
my belief (without proof) is that in a world of big data, we're all likely on some sort of govt database with a note about what we do or dont do but as a privacy enthusiast I'll continue making it as difficult as possible for anyone to syphon off my data easily and for free.
I've also recently become aware of the depths of how insecure our data really is. windows recall is one problem, but they make the o/s, whos to say they arent sending data to hq about you anyway. then you have firmware that can do what it wants before you even get to the o/s layer.
encryption is nice if you own all the hardware and software before you hit the network (like on an embedded device for example) but then what about the security at the receivers end? even the pro's make mistakes in this area.
so while i try not to give away my data for free, if youre networked, your not 100% secure. im not even sure what other toys eavesdroppers have to get around problems but it sure is an interesting field!
> my belief (without proof) is that in a world of big data, we're all likely on some sort of govt database with a note about what we do or dont do but as a privacy enthusiast I'll continue making it as difficult as possible for anyone to syphon off my data easily and for free.
Almost certainly true! Clearview AI is being sued because they scraped the internet for all our faces. Ever posted a picture of yourself attached with your name ANYWHERE, EVER? You are now in the database. I realized that a talk i held at a software conference was posted on the internet and that meant that of course i'm now forever in all AI Databases anywhere.
There's a reason the NSA build yottabytes of storage for metdata and connections: Save now, decrypt later when Quantum Computers are ready. Every App, website, even your OS is spying on you. Ever google "Tor" or "Tails OS"? Congrats you are now in the NSAs Database as a potential extremist[0]
That being said: The least we can do is make surveilance more expensive. Use Tor, throwaway browser sessions, encrypted cloud storage etc. Your average normie is an open book with everything readable in the cleartext.
Onion links and HTTP response dumps for most of the noteworthy Tor hidden services can be found at https://rnsaffn.com/zg4/ Beware, nothing is censored. It's all there, the drugs, the ransomware, the sex crime, the cryptocurrency scams, but also the good stuff that makes Tor great. If a worthwhile or provocative hidden service is missing from the scan, please submit it yourself.
How do you scan for hidden services? I thought that was impossible?
Anyway, please beware that there is a not-insignificant propability that opening random tor hidden addresses lead to thinks you don't want to see like gore and CSAM.
Perhaps by running an exit node
I've never torrented anything and have been wary that doing anything with the Tor project on my not-so-private computer just sends up a beacon asking me to be investigated. I don't do anything illegal or plan to, but being investigated alone is enough of a deterrent.
I suspect this is paranoia on my part, but I would be curious to hear thoughts from this crowd.
1. If you're threat model is surveillance state, are things like this helpful or harmful? 2. If you need a tool like this, what's the best way to obtain/install this anonymously?
> 1. If you're threat model is surveillance state, are things like this helpful or harmful?
Good question. I don't know the answer, but I've been operating on the assumption that Tor Browser gives you more privacy from commercial surveillance (e.g., our fellow HNers), but not from many state actors (e.g., US gov't).
I especially wouldn't encourage Tor Browser use by a member of a group being oppressed by a regime that has use of sophisticated surveillance technology. Tor use is very easily detected, and I would fear they would just be drawing attention to themself.
However, if you're not targeted (as a group, or individually), and your threat model is mainly that you don't want a hundred data brokers to know about your totally legal interest in the Tina Fey Matt Damon Fanfic Clubhouse site... then, sure, run Tor Browser. Just be sure to disclose that club membership if ever asked on the form when applying for DoD security clearance, and I'd guess they probably already know.
> 2. If you need a tool like this, what's the best way to obtain/install this anonymously?
Simply using it will flag it to the ISP as Tor traffic. So you could just download it using whatever ISP you will be using to run it, without revealing much more.
This is helpful. Thank you.
There are a number of useful applications of Tor that have nothing to do with secure anonymity.
If you login with your phone to a corporate restaurant's wifi, you may find a number of sites blocked. Tor can circumvent that.
Onionshare is a handy way to exchange files with multiple parties.
And for sensitive questions that you don't want in your google search history, it's quite effective with startpage or duckduckgo.
I use ffupdater from f-droid to install and maintain Tor browser, although it is available directly from f-droid.
For better or worse, I don't expect to reasonably be able to hide from state actors that really want to track me down or see what I'm doing. They simply have too many tools, resources, and leverage on their side.
If my concern really is the state I wouldn't use the internet at all, or I would be exceedingly limited in where, how, and on what devices and networks I do anything online.
Tor can be useful for avoiding less well funded and militarized actors.
This kind of question: "what is your threat model" "if you need a tool like this" presumes.
I value things like this because my threat model is "go F yourself".
Not you, all the entities that do not want you or me to have privacy and agency.
It doesn't matter what their reasons are from merely being nosy for no real reason, all the way to govenments trying to become panopticons.
You don't need a justification. No one needs a justification. "why do you need" is an absolutely invalid question from the first syllable.
And, I apologize for this because it will be unkind, but, when you roll over because you fear attracting attention, all you do is displace that attention onto someone else. Someone else takes on double hassle to pay for your avoiding hassle.
It doesn't go away. The attention is there regardless, and either we all bear a tiny bit and it's harmless, or a few bear it all and it kills them.
And then, when the the thorns are cut down, you end up in a worse world because now their behavior is no longer checked by any resistance. The level of grief you decided was tolerable, is no longer the level they will inflict. It's short-sighted and counter-productive in the long term. It's the same as all other examples of appeasement. Giving the bully what they want never actually accomplishes what the bully promises.
Upvoted your comment. I totally agree.
I'm trying to ask something slightly different, I think. If I'm trying to have ultimate anonymity, I know that I can do things that actually expose myself. I don't want to be a giant beacon saying "I'M DOING SOMETHING SECRET".
I know almost nothing about Tor, but with radios, if you don't have the right setup and usage, encrypted traffic is easily detectable, just not as easily decrypted. So, if you are dumb, you'll broadcast *very loudly* your location, that you don't want people to know what you are doing, and other data. If I were using radios and wanted my communications to be untraceable, I would use some very specific measures and avoid others.
I'm more asking, in what cases is Tor helpful and in what cases are you worse off for using it? And I was trying to give a use-case that wasn't just advertisers.
To add another side of it: The more of us use it for everyday innociuous daily tasks and work, the stronger the network becomes for the cases where it matters. Adding noise to signal for adversaries and making "just block tor" a less obvious choice for operators.
In practice the main thing to watch out for is TLS-stripping attacks where malicious exit nodes will try to downgrade your connection to cleartext HTTP. This will give you a warning in the browser. Don't allow it but ctrl+shift+L in Tor Browser to retry a new connection on a hopefully better circuit.
In general I'd also say it's unsafe to use tor with unencrypted unauthenticated cleartext HTTP since it allows exit nodes to do all sorts of shenangigans undetected. Make sure it's https://(...) or http://(...).onion (.onion Hidden Services are authenticated by cryptographic key and terminate straight at the endpoint without an exit from the tor network over internet so aren't subject to that as long as you make sure the domain name is correct)
> I don't do anything illegal or plan to, but being investigated alone is enough of a deterrent
Unless you live in a fully authoritarian state, there shouldn't be a reason to be investigated for using Tor. Being put on a list is a different matter, but voicing your opinions online might also get you there. If not now, in a possible, not far away grim future.
Tor Browser is a great idea, and would be more usable on a daily basis if it'd block ads by default as well.
1. Maybe some of our Chinese peers can chime in. In such circumstances you need to take a step further and use bridges to connect to the Tor network to better circumvent restrictions. As far of deep packet inspection I'm not aware of the state of the art in China, and if it's possible to evade detection.
2. Download it from a public wifi with no cameras in sight?
> Being put on a list is a different matter, but voicing your opinions online might also get you there.
With modern data collection and “AI” tools that use correlation to give you a risk score, even having similar characteristics or interests of targeted people is probably enough to get you on a list, even if you attempt to have “good” behavior at all times. Reducing identifiable data might actually avoid some lists even if it puts you on others.
(Besides, the number of people on one “list” or another is already so out of control that I imagine they are becoming useless. Join us, make the lists just a little more unmanageable.)
> If you're threat model is surveillance state, are things like this helpful or harmful?
I think the more vicious oppressive states will give you deep trouble if they simply catch you with this software. But if you're looking to simply obscure traffic from your internet provider or some other malcontent platform, Tor will work.
> If you need a tool like this, what's the best way to obtain/install this anonymously?
Hehe, if you need to hide your DNS query to the Tor project or traffic directly to it, you are probably somewhere where simply possessing this software can get you in a lot of trouble. I wouldn't encourage you to do anything reckless.
Otherwise, just go to the site shamelessly and get it.
Tor is great at reducing tracking done by ad companies. I use Facebook and Reddit (a big chunk of my social media activity) exclusively over Tor.
Step 1, block all Facebook and Reddit domains and subdomains at the DNS level. This is not to prevent visiting the cleartext websites (I could just, you know, not visit them), it’s to block the Like buttons and Reddit share icons embedded in normal websites from tracking my browsing activity.
Step 2, bookmark the Reddit and Facebook onion sites in Tor Browser.
https://www.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqn... ; proof: https://www.reddit.com/r/redditsecurity/comments/yd6hqg/redd...
https://www.facebookwkhpilnemxj7asaniu7vnjjbiltxjqhye3mhbshg... ; proof: https://www.facebook.com/onion-service
These are faster and more secure than visiting reddit.com and facebook.com in Tor Browser (hidden services require fewer hops and have no exit node), and since they’re official means of accessing their respective sites, you’re less likely to get treated as a bot or banned for suspicious activity.
How well does this work? Pretty well, if the ads I get are any indication. Facebook and Reddit ads used to be highly correlated to my general browsing activity. When I first started doing this, I would still log in without Tor occasionally, and instantly ads would start matching my browsing activity again. Now that I’ve used these sites exclusively over Tor for years, the ads are either entirely random or based solely on my activity within the respective sites (which is exactly what I want), or they expose a privacy leak from something other than IP address or cookies (for example, it’s clear from the ads I get that my bank sells my credit card purchase history to Facebook, which has made me more open to using cash).
As long as Tor Browser isn’t illegal or dangerous to possess in your jurisdiction, I highly recommend downloading it and using it for mainstream sites that provide onion services. I wish more sites would provide them!
> I've never torrented anything and have been wary that doing anything with the Tor project on my not-so-private computer just sends up a beacon asking me to be investigated. I don't do anything illegal or plan to, but being investigated alone is enough of a deterrent.
Tor is not illegal. Usage of Tor is not illegal. If you have such fears you are either unreasonably paranoid in this regard or you are correct in your fears and you are already living in a totalitarian surveillance state that uses fear and intimidation to deny you your rights and freedoms.
I live in Germany and torrent all day (with a VPN), use tor all day and shitpost on the internet as much as time permits. I will not yield in that regard and neither should you.
> 1. If you're threat model is surveillance state, are things like this helpful or harmful?
It depends. The most useful usage for tor is to work around blocks and nation state firewalls. My traffic almost universally exits in Germany or the Netherlands where you can access any website you want from. If you life in china you might not be able to visit all the sites you want, i.e. https://en.wikipedia.org/wiki/1989_Tiananmen_Square_protests...
> 2. If you need a tool like this, what's the best way to obtain/install this anonymously? Depends: Do you have access to some form of internet connection thats not directly linked to your identity? Because downloading and using tor from your home connection if you are worried about "sending a beacon" really is pointless. A public wifi is propably the easiest way to get it.
If you’re really paranoid use Brave browser at a library to download it the first time (over Tor).
Tor also has nothing to do with torrents.
Ok, I thought both used a tor network, but I'll do some research. I really know very little about this.
my belief (without proof) is that in a world of big data, we're all likely on some sort of govt database with a note about what we do or dont do but as a privacy enthusiast I'll continue making it as difficult as possible for anyone to syphon off my data easily and for free.
I've also recently become aware of the depths of how insecure our data really is. windows recall is one problem, but they make the o/s, whos to say they arent sending data to hq about you anyway. then you have firmware that can do what it wants before you even get to the o/s layer.
encryption is nice if you own all the hardware and software before you hit the network (like on an embedded device for example) but then what about the security at the receivers end? even the pro's make mistakes in this area.
so while i try not to give away my data for free, if youre networked, your not 100% secure. im not even sure what other toys eavesdroppers have to get around problems but it sure is an interesting field!
> my belief (without proof) is that in a world of big data, we're all likely on some sort of govt database with a note about what we do or dont do but as a privacy enthusiast I'll continue making it as difficult as possible for anyone to syphon off my data easily and for free.
Almost certainly true! Clearview AI is being sued because they scraped the internet for all our faces. Ever posted a picture of yourself attached with your name ANYWHERE, EVER? You are now in the database. I realized that a talk i held at a software conference was posted on the internet and that meant that of course i'm now forever in all AI Databases anywhere.
There's a reason the NSA build yottabytes of storage for metdata and connections: Save now, decrypt later when Quantum Computers are ready. Every App, website, even your OS is spying on you. Ever google "Tor" or "Tails OS"? Congrats you are now in the NSAs Database as a potential extremist[0]
That being said: The least we can do is make surveilance more expensive. Use Tor, throwaway browser sessions, encrypted cloud storage etc. Your average normie is an open book with everything readable in the cleartext.
[0] https://en.wikipedia.org/wiki/XKeyscore
If I'm torn about anything for Tor 15, it's that the cadence didn't align with a minimum of Firefox 144 as base.
Why?
View Transitions support being implemented in 144 is a very big deal and pushes the web forward for native transition animations.
In the next two or three versions before the end of 2025, Anchor Positioning will also be a big deal.
So, congrats on Tor 15, but Tor 16 will bring a massive improvement for Tor!
Tor is not the same as Tor Browser. You mean Tor Browser 15 :)
The current version of Tor is 0.4.8.19: https://gitlab.torproject.org/tpo/core/tor
Thanks for correcting me!
Tor uses the ESR (Extended Support Release) version of Firefox.